Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2008-0086 | First vendor Publication | 2008-07-08 |
Vendor | Cve | Last vendor Modification | 2018-10-15 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0086 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14052 | |||
Oval ID: | oval:org.mitre.oval:def:14052 | ||
Title: | Convert Buffer Overrun Vulnerability in SQL Server | ||
Description: | Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0086 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | Microsoft SQL Server 2000 Microsoft SQL Server 2000 Desktop Engine (WMSDE) |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 3 | |
Application | 1 | |
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
2008-10-14 | Name : MS SQL Server Elevation of Privilege Vulnerabilities (941203) File : nvt/gb_ms08-040.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
46772 | Microsoft SQL Server Convert Function Overflow |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-05-12 | IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
2008-07-17 | IAVM : 2008-A-0045 - DNS Protocol Cache Poisoning Vulnerability Severity : Category I - VMSKEY : V0016170 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | MSSQL CONVERT function unicode buffer overflow attempt RuleID : 21085 - Revision : 3 - Type : SERVER-MSSQL |
2014-01-10 | MSSQL CONVERT function buffer overflow attempt RuleID : 21084 - Revision : 3 - Type : SERVER-MSSQL |
2014-01-10 | MS-SQL convert function unicode overflow RuleID : 16073 - Revision : 8 - Type : OS-WINDOWS |
2014-01-10 | Microsoft SQL server MTF file download RuleID : 13896 - Revision : 14 - Type : SERVER-MSSQL |
2014-01-10 | Convert function style overwrite RuleID : 13892 - Revision : 9 - Type : SERVER-MSSQL |
2014-01-10 | Memory page overwrite attempt RuleID : 13891 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | Microsoft SQL Server Backup Database File integer overflow attempt RuleID : 13890 - Revision : 13 - Type : FILE-OTHER |
2014-01-10 | Microsoft SQL Server Backup Database File integer overflow attempt RuleID : 13889 - Revision : 13 - Type : FILE-OTHER |
2014-01-10 | Microsoft SQL Server Backup Database File integer overflow attempt RuleID : 13888 - Revision : 13 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO |
2008-09-29 | Name : The remote SQL server is affected by multiple vulnerabilities. File : smb_kb941203.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Microsoft SQL Server install is vulnerable to memory corruption fl... File : smb_nt_ms08-040.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:06:56 |
|
2021-04-22 01:07:25 |
|
2020-05-23 00:21:03 |
|
2018-10-16 00:19:24 |
|
2018-10-13 00:22:38 |
|
2017-09-29 09:23:21 |
|
2016-04-26 16:59:13 |
|
2016-03-05 13:26:42 |
|
2014-02-17 10:43:18 |
|
2014-01-19 21:24:41 |
|
2013-11-11 12:37:49 |
|
2013-05-11 00:06:02 |
|