4418 matches found
Microsoft Security Bulletin MS08-040 – Important Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
Microsoft Security Bulletin MS08-040 – Important Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege 941203 Published: July 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves four privately disclosed vulnerabilities. The more serious of...
CVE-2008-0086
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine MSDE 2000 SP4, and 2000 Desktop Engine WMSDE allows remote authenticated users to execute arbitrary code via a crafted SQL expression...
CVE-2008-0107
Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine MSDE 2000 SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine WMSDE; Microsoft Data Engine MSDE 1.0 SP4; and Internal Database WYukon SP2 allows remote authenticated users to execute arbitrary code...
Buffer overflow
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement...
CVE-2008-0085
SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine MSDE 2000 SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine WMSDE; Microsoft Data Engine MSDE 1.0 SP4; and Internal Database WYukon SP2 does not initialize memory pages when reallocating memory, which allows database...
Integer overflow
Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine MSDE 2000 SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine WMSDE; Microsoft Data Engine MSDE 1.0 SP4; and Internal Database WYukon SP2 allows remote authenticated users to execute arbitrary code...
Design/Logic Flaw
SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine MSDE 2000 SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine WMSDE; Microsoft Data Engine MSDE 1.0 SP4; and Internal Database WYukon SP2 does not initialize memory pages when reallocating memory, which allows database...
Buffer overflow
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine MSDE 2000 SP4, and 2000 Desktop Engine WMSDE allows remote authenticated users to execute arbitrary code via a crafted SQL expression...
CVE-2008-0106
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement...
CVE-2008-0106
CVE-2008-0106 describes a buffer overflow in Microsoft SQL Server 2005 SP1/SP2 and SQL Server 2005 Express SP1/SP2 that could allow remote authenticated users to execute arbitrary code via a crafted insert statement. The connected KB article MS08-040 (KB941203) confirms Microsoft released a secur...
CVE-2008-0107
Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine MSDE 2000 SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine WMSDE; Microsoft Data Engine MSDE 1.0 SP4; and Internal Database WYukon SP2 allows remote authenticated users to execute arbitrary code...
CVE-2008-0106
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement...
CVE-2008-0085
CVE-2008-0085 describes a memory handling flaw in multiple SQL Server products (SQL Server 7.0, 2000, 2005 and related Desktop Engine variants) where memory pages are not initialized during reallocations, enabling a potential disclosure of sensitive data via memory-page reuse. Connected Microsoft...
CVE-2008-0086
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine MSDE 2000 SP4, and 2000 Desktop Engine WMSDE allows remote authenticated users to execute arbitrary code via a crafted SQL expression...
CVE-2008-0086
CVE-2008-0086 corresponds to vulnerabilities addressed by MS08-040. The Connected KB (KB941203) states MS08-040 resolves four privately disclosed vulnerabilities in Microsoft SQL Server products, with the more serious one enabling code execution and full system compromise if exploited. The CVE de...
CVE-2008-0107
CVE-2008-0107 is a memory corruption vulnerability in multiple SQL Server lineage components (SQL Server 7.0, SQL Server 2000/2005, MSDE/WYukon) triggered by a crafted on-disk file path supplied via SMB or WebDAV, leading to a heap-based buffer overflow. The flaw permits remote authenticated user...
CVE-2008-0085
SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine MSDE 2000 SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine WMSDE; Microsoft Data Engine MSDE 1.0 SP4; and Internal Database WYukon SP2 does not initialize memory pages when reallocating memory, which allows database...
Microsoft SQL Server On-Disk MTF Data Structures Remote Memory Corruption Vulnerability
Description Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to perform adequate boundary checks on user-supplied input. Authenticated attackers can exploit this issue to execute arbitrary code in the context of the server. Failed attacks will likely caus...
MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
The remote host is running a version of Microsoft SQL Server, Desktop Engine or Internal Database that is vulnerable to multiple memory corruption issues. These vulnerabilities may allow an attacker to gain elevates privileges on the server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Microsoft SQL Server Convert Function Remote Memory Corruption Vulnerability
Description Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to perform adequate boundary checks on user-supplied input. Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks...