CVE-2008-0085: Infoleak
First published: Tue Jul 08 2008(Updated: )
SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft SQL Server | =2005-sp1 | |
| Microsoft SQL Server Data Engine | =2000-sp4 | |
| Microsoft SQL Server | =2005-sp1 | |
| Microsoft SQL Server | =7.0-sp4 | |
| Microsoft SQL Server | =2005-sp2 | |
| Microsoft SQL Server Data Engine (MSDE) | =1.0-sp4 | |
| Microsoft SQL Server | =2000-sp4 | |
| Microsoft SQL Server | =2005-sp2 | |
| Microsoft SQL Server | =2000-sp4 | |
| Microsoft SQL Server | =2005-sp1 | |
| Microsoft SQL Server | =2005-sp1 | |
| Microsoft SQL Server | =2005-sp2 | |
| Microsoft SQL Server | =2005-sp2 | |
| Microsoft Windows Media Services | =2000 | |
| Microsoft Yukon | =sp2 | |
| Microsoft Windows Server 2003 | =sp1 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Yukon | =sp2 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.us-cert.gov/cas/techalerts/TA08-190A.html
- http://secunia.com/advisories/30970
- http://www.securitytracker.com/id?1020441
- http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
- http://www.vmware.com/security/advisories/VMSA-2011-0003.html
- http://www.vupen.com/english/advisories/2008/2022/references
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14213
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040
- http://www.securityfocus.com/archive/1/516397/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-0085?
The severity of CVE-2008-0085 is rated as medium due to potential data corruption vulnerabilities.
How do I fix CVE-2008-0085?
To fix CVE-2008-0085, apply the latest service packs and updates provided by Microsoft for the affected versions of SQL Server.
What software versions are affected by CVE-2008-0085?
CVE-2008-0085 affects Microsoft SQL Server versions 7.0, 2000, 2005, and their respective service packs.
What impact does CVE-2008-0085 have?
The impact of CVE-2008-0085 may lead to data corruption and potential unauthorized access through memory exploitation.
Is there a workaround for CVE-2008-0085 if I can't apply the update immediately?
If immediate patching is not possible for CVE-2008-0085, it is advised to limit access to the database and closely monitor for any suspicious activity.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft sql server
- version/microsoft sql server/2005-sp1
- canonical/microsoft sql server data engine
- version/microsoft sql server data engine/2000-sp4
- version/microsoft sql server/7.0-sp4
- version/microsoft sql server/2005-sp2
- canonical/microsoft sql server data engine (msde)
- version/microsoft sql server data engine (msde)/1.0-sp4
- version/microsoft sql server/2000-sp4
- canonical/microsoft windows media services
- version/microsoft windows media services/2000
- canonical/microsoft yukon
- version/microsoft yukon/sp2
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/sp1
- version/microsoft windows server 2003/sp2
- canonical/microsoft windows server
- version/microsoft windows server/sp2