- Home
- CVEs with nessus.description==The remote host is running a version of Microsoft SQL Server, Desktop Engine, or Internal Database that is affected by multiple vulnerabilities :
- An information disclosure vulnerability exists due to improper initialization of memory pages when reallocating memory. An unauthenticated, remote attacker can exploit this to obtain database contents, resulting in the disclosure of sensitive information.
(CVE-2008-0085)
- A remote code execution vulnerability exists due to a buffer overflow condition in the convert() function. An authenticated, remote attacker can exploit this, via a crafted SQL expression, to execute arbitrary code.
(CVE-2008-0086)
- A remote code execution vulnerability exists due to an unspecified buffer overflow condition. An authenticated, remote attacker can exploit this, via a crafted insert statement, to execute arbitrary code. (CVE-2008-0086)
- A remote code execution vulnerability exists due to an integer underflow condition. An authenticated, remote attacker can exploit this, via an SMB or WebDAV pathname for an on-disk file with a crafted record size value, to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2008-0107)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top