Lucene search
K

11 matches found

CVE
CVE
added 2008/12/10 1:33 p.m.168 views

CVE-2008-5416

The connected KB/MS advisory confirms CVE-2008-5416 relates to a heap-based memory overwrite flaw in SQL Server via the sp_replwritetovarbin extended stored procedure. It affects multiple SQL Server family products and service packs (SQL Server 2000 SP4/MSDE 2000, SQL Server 2005 SP2, WYukon/Wind...

9CVSS7.8AI score0.87036EPSS
CVE
CVE
added 2008/09/10 3:0 p.m.139 views

CVE-2007-5348

The CVE-2007-5348 entry concerns an IMAGE processing vulnerability in Microsoft GDI+ that could enable remote code execution. The connected KB954593 article MS08-052 describes multiple vulnerabilities in GDI+ across Windows and Office components that could be exploited by viewing a specially craf...

9.3CVSS8AI score0.52886EPSS
CVE
CVE
added 2008/09/10 3:0 p.m.115 views

CVE-2008-3013

CVE-2008-3013 corresponds to a GDI+ GIF parsing vulnerability. The connected KB954593 (MS08-052) describes remote code execution in Windows GDI+ when a user views a specially crafted GIF, affecting multiple Windows versions and Office components. The underlying issue is memory corruption during G...

9.3CVSS7.7AI score0.52065EPSS
CVE
CVE
added 2008/07/08 11:0 p.m.112 views

CVE-2008-0107

CVE-2008-0107 is a memory corruption vulnerability in multiple SQL Server lineage components (SQL Server 7.0, SQL Server 2000/2005, MSDE/WYukon) triggered by a crafted on-disk file path supplied via SMB or WebDAV, leading to a heap-based buffer overflow. The flaw permits remote authenticated user...

9CVSS7.2AI score0.34539EPSS
CVE
CVE
added 2008/07/08 11:0 p.m.111 views

CVE-2008-0086

CVE-2008-0086 corresponds to vulnerabilities addressed by MS08-040. The Connected KB (KB941203) states MS08-040 resolves four privately disclosed vulnerabilities in Microsoft SQL Server products, with the more serious one enabling code execution and full system compromise if exploited. The CVE de...

9CVSS7.2AI score0.61927EPSS
CVE
CVE
added 2008/07/08 11:0 p.m.110 views

CVE-2008-0106

CVE-2008-0106 describes a buffer overflow in Microsoft SQL Server 2005 SP1/SP2 and SQL Server 2005 Express SP1/SP2 that could allow remote authenticated users to execute arbitrary code via a crafted insert statement. The connected KB article MS08-040 (KB941203) confirms Microsoft released a secur...

9CVSS7.2AI score0.35323EPSS
CVE
CVE
added 2008/09/10 3:0 p.m.104 views

CVE-2008-3014

CVE-2008-3014 is the GDI+ WMF Buffer Overrun vulnerability. A buffer overflow in gdiplus.dll (GDI+) allows remote code execution when processing a malformed WMF image, affecting multiple Windows and Office components listed in the description (e.g., Internet Explorer 6 SP1 on various Windows vers...

9.3CVSS7.8AI score0.36722EPSS
CVE
CVE
added 2008/09/16 10:0 p.m.91 views

CVE-2008-4110

The OpenVAS/OpenVAS-derived data (plus CVE-2008-4110 details) confirms a buffer overflow in the Microsoft SQL Server 2000 ActiveX control: sqlvdir.dll (SQLVDIRLib.SQLVDirControl) that is loaded from Tools\Binn\sqlvdir.dll. The vulnerability is triggered by a long URL passed as the second argument...

7.6CVSS8.2AI score0.18415EPSS
CVE
CVE
added 2008/09/10 3:0 p.m.89 views

CVE-2008-3015

CVE-2008-3015 (GDI+ BMP Integer Overflow) describes a vulnerability in gdiplus.dll where a BMP BitMapInfoHeader with malformed data can trigger a buffer overflow, enabling remote code execution. Affected products include Office XP SP3, Office 2003 SP2/SP3, Office 2007, Visio 2002 SP2, PowerPoint ...

9.3CVSS8AI score0.39272EPSS
CVE
CVE
added 2008/09/10 3:0 p.m.85 views

CVE-2008-3012

CVE-2008-3012 corresponds to an in-GDI+ memory allocation flaw in gdiplus.dll that could allow remote code execution when a specially crafted EMF image is viewed. Connected docs confirm this as MS08-052, addressing vulnerabilities in GDI+ across Windows and Office components (IE6, Windows XP, Ser...

9.3CVSS7.7AI score0.31037EPSS
CVE
CVE
added 2008/07/08 11:0 p.m.84 views

CVE-2008-0085

CVE-2008-0085 describes a memory handling flaw in multiple SQL Server products (SQL Server 7.0, 2000, 2005 and related Desktop Engine variants) where memory pages are not initialized during reallocations, enabling a potential disclosure of sensitive data via memory-page reuse. Connected Microsoft...

5CVSS6.7AI score0.10677EPSS