CVE-2008-0106

HIGH severity · CVSS 9 · Memory corruption

9CVSS HIGH

Summary

Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges required—

User interaction—

Confidentiality impact—

Integrity impact—

Availability impact—

Exploit probability (EPSS)71%

AV:N/AC:L/Au:S/C:C/I:C/A:C

Affected products we track (1)

Microsoft SQL Server

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information

NVD record
http://secunia.com/advisories/30970
http://www.securityfocus.com/archive/1/494082/100/0/threaded
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securitytracker.com/id?1020441
http://www.us-cert.gov/cas/techalerts/TA08-190A.html
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
http://www.vupen.com/english/advisories/2008/2022/references