CVE - CVE-2008-0107

CVE-ID
CVE-2008-0107	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:30119 URL:http://www.securityfocus.com/bid/30119 BUGTRAQ:20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability URL:http://www.securityfocus.com/archive/1/494082/100/0/threaded BUGTRAQ:20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX URL:http://www.securityfocus.com/archive/1/516397/100/0/threaded CERT:TA08-190A URL:http://www.us-cert.gov/cas/techalerts/TA08-190A.html CONFIRM:http://www.vmware.com/security/advisories/VMSA-2011-0003.html CONFIRM:http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html IDEFENSE:20080708 Microsoft SQL Server Restore Integer Underflow Vulnerability URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=723 MISC:http://www.insomniasec.com/advisories/ISVA-080709.1.htm MS:MS08-040 URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040 OVAL:oval:org.mitre.oval:def:13936 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13936 SECTRACK:1020441 URL:http://www.securitytracker.com/id?1020441 SECUNIA:30970 URL:http://secunia.com/advisories/30970 VUPEN:ADV-2008-2022 URL:~~http://www.vupen.com/english/advisories/2008/2022/references~~ (Obsolete source)
Assigning CNA
Microsoft Corporation
Date Record Created
20080107	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080107)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)