Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability."
References
Advertisement
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Information
Published : 2008-07-08 16:41
Updated : 2019-02-26 06:04
NVD link : CVE-2008-0107
Mitre link : CVE-2008-0107
JSON object : View
CWE
CWE-189
Numeric Errors
Advertisement
Products Affected
microsoft
- sql_server_desktop_engine
- data_engine
- windows_2003_server
- wmsde
- sql_server
- windows_server_2008
- wyukon
- windows_server_2003