CVE-2008-0085

CWE-200 — Information Exposure3 documents3 sources

Severity

5.0MEDIUM

EPSS

30.4%

top 3.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Data Engine Microsoft SQL Server Microsoft SQL Server Desktop Engine +1 more

Timeline

PublishedJul 8

Latest updateMay 1

Description

SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDmicrosoft/data_engine1.0

▶NVDmicrosoft/wmsde2000

▶NVDmicrosoft/sql_server2000, 2005, 7.0+2

▶NVDmicrosoft/sql2000

Patches

Patch: www.vmware.com ↗Patch: docs.microsoft.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-86c3-9x8j-mgp2: SQL Server 7↗2022-05-01

▶

CVEList

CVE-2008-0085: SQL Server 7↗2008-07-08

▶