CVE-2008-0085
Summary
| CVE | CVE-2008-0085 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-07-08 23:41:00 UTC |
| Updated | 2019-02-28 00:59:00 UTC |
| Description | SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Data Engine | 1.0 | sp4 | All | All |
| Application | Microsoft | Data Engine | 1.0 | sp4 | All | All |
| Application | Microsoft | Sql Server | 2000 | sp4 | All | All |
| Application | Microsoft | Sql Server | 2000 | sp4 | All | All |
| Application | Microsoft | Sql Server | 2005 | sp1 | All | All |
| Application | Microsoft | Sql Server | 2005 | sp1 | All | All |
| Application | Microsoft | Sql Server | 2005 | sp1 | All | All |
| Application | Microsoft | Sql Server | 2005 | sp1 | express | All |
| Application | Microsoft | Sql Server | 2005 | sp2 | All | All |
| Application | Microsoft | Sql Server | 2005 | sp2 | All | All |
| Application | Microsoft | Sql Server | 2005 | sp2 | All | All |
| Application | Microsoft | Sql Server | 2005 | sp2 | express | All |
| Application | Microsoft | Sql Server | 7.0 | sp4 | All | All |
| Application | Microsoft | Sql Server | 2000 | sp4 | All | All |
| Application | Microsoft | Sql Server | 2000 | sp4 | All | All |
| Application | Microsoft | Sql Server | 2005 | sp1 | All | All |
| Application | Microsoft | Sql Server | 2005 | sp1 | All | All |
| Application | Microsoft | Sql Server | 2005 | sp1 | All | All |
| Application | Microsoft | Sql Server | 2005 | sp1 | express | All |
| Application | Microsoft | Sql Server | 2005 | sp2 | All | All |
| Application | Microsoft | Sql Server | 2005 | sp2 | All | All |
| Application | Microsoft | Sql Server | 2005 | sp2 | All | All |
| Application | Microsoft | Sql Server | 2005 | sp2 | express | All |
| Application | Microsoft | Sql Server | 7.0 | sp4 | All | All |
| Application | Microsoft | Sql Server Desktop Engine | 2000 | sp4 | All | All |
| Application | Microsoft | Sql Server Desktop Engine | 2000 | sp4 | All | All |
| Operating System | Microsoft | Windows 2003 Server | - | sp1 | All | All |
| Operating System | Microsoft | Windows 2003 Server | - | sp2 | All | All |
| Operating System | Microsoft | Windows 2003 Server | - | sp1 | All | All |
| Operating System | Microsoft | Windows 2003 Server | - | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2003 | All | All | All | All |
| Operating System | Microsoft | Windows Server 2003 | - | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2003 | All | All | All | All |
| Operating System | Microsoft | Windows Server 2003 | - | sp2 | All | All |
| Application | Microsoft | Wmsde | 2000 | All | All | All |
| Application | Microsoft | Wmsde | 2000 | All | All | All |
| Application | Microsoft | Wyukon | All | sp2 | All | All |
| Application | Microsoft | Wyukon | All | sp2 | All | All |
| Application | Microsoft | Wyukon | All | sp2 | All | All |
| Application | Microsoft | Wyukon | All | sp2 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| US-CERT Technical Cyber Security Alert TA08-190A -- Microsoft Updates for Multiple Vulnerabilities | CERT | www.us-cert.gov | Third Party Advisory, US Government Resource |
| SecurityTracker.com Archives - Microsoft SQL Server Bugs Let Remote Authenticated Users Obtain Information and Execute Arbitrary Code | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | Third Party Advisory, VDB Entry |
| VMSA-2011-0003 | CONFIRM | www.vmware.com | Patch, Third Party Advisory |
| Microsoft Security Bulletin MS08-040 - Important | Microsoft Docs | MS | docs.microsoft.com | Patch, Vendor Advisory |
| Microsoft SQL Server and MSDE Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Broken Link |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | Third Party Advisory |
| VMware vCenter Server 4.1 Update 1 Release Notes | CONFIRM | www.vmware.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.