ID CVE-2008-0107
Summary Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:data_engine:1.0:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:data_engine:1.0:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2000:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2000:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2000:sp4:itanium:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2000:sp4:itanium:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2005:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2005:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2005:sp1:express:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2005:sp1:express:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2005:sp1:itanium:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2005:sp1:itanium:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2005:sp1:x64:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2005:sp1:x64:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2005:sp2:express:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2005:sp2:express:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server_desktop_engine:2000:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server_desktop_engine:2000:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:wmsde:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:wmsde:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:wyukon:*:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:wyukon:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:wyukon:*:sp2:x64:*:*:*:*:*
    cpe:2.3:a:microsoft:wyukon:*:sp2:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
CVSS
Base: 9.0 (as of 26-02-2019 - 14:04)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:C/I:C/A:C
oval via4
accepted 2013-10-07T04:01:41.259-04:00
class vulnerability
contributors
  • name SecPod Team
    organization SecPod Technologies
  • name Pradeep R B
    organization SecPod Technologies
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft SQL Server 2005 SP2 is installed
    oval oval:org.mitre.oval:def:8397
  • comment Microsoft SQL Server 2005 is installed
    oval oval:org.mitre.oval:def:6082
  • comment Microsoft SQL Server 2005 SP2 is installed
    oval oval:org.mitre.oval:def:8397
  • comment Microsoft SQL Server 2005 is installed
    oval oval:org.mitre.oval:def:6082
description Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability."
family windows
id oval:org.mitre.oval:def:13936
status accepted
submitted 2011-11-15T14:16:37
title Memory Corruption Vulnerability in SQL Server
version 15
refmap via4
bid 30119
bugtraq
  • 20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability
  • 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
cert TA08-190A
confirm
idefense 20080708 Microsoft SQL Server Restore Integer Underflow Vulnerability
misc http://www.insomniasec.com/advisories/ISVA-080709.1.htm
ms MS08-040
sectrack 1020441
secunia 30970
vupen ADV-2008-2022
Last major update 26-02-2019 - 14:04
Published 08-07-2008 - 23:41
Back to Top