CVE-2008-0106

CWE-119 — Buffer Overflow3 documents3 sources

Severity

9.0CRITICAL

EPSS

70.6%

top 1.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Data Engine Microsoft SQL Server Microsoft SQL Server Desktop Engine +1 more

Timeline

PublishedJul 8

Latest updateMay 1

Description

Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages3 packages

▶NVDmicrosoft/sql_server2000, 2005, 7.0+2

▶NVDmicrosoft/sql2000, 2005+1

▶NVDmicrosoft/data_engine1.0

🔴Vulnerability Details

GHSA

GHSA-gpgw-g3fv-mcr3: Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary↗2022-05-01

▶

CVEList

CVE-2008-0106: Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary↗2008-07-08

▶