CVE-2008-0086

CWE-119 — Buffer Overflow3 documents3 sources

Severity

9.0CRITICAL

EPSS

71.7%

top 1.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Data Engine Microsoft SQL Server Microsoft SQL Server Desktop Engine +1 more

Timeline

PublishedJul 8

Latest updateMay 1

Description

Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages3 packages

▶NVDmicrosoft/data_engine1.0

▶NVDmicrosoft/sql_server2000, 2005, 7.0+2

▶NVDmicrosoft/sql2000, 2005+1

🔴Vulnerability Details

GHSA

GHSA-3pqp-55x3-46fh: Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows↗2022-05-01

▶

CVEList

CVE-2008-0086: Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows↗2008-07-08

▶