First published: Tue Jul 08 2008(Updated: )
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft SQL Server Data Engine (MSDE) | =1.0-sp4 | |
Microsoft SQL Server | =7.0-sp4 | |
Microsoft SQL Server | =2000-sp4 | |
Microsoft SQL Server | =2005-sp2 | |
Microsoft SQL Server | =2000-sp4 | |
Microsoft SQL Server Express | =2005-sp2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2008-0086 has a high severity rating due to its potential for remote code execution.
To fix CVE-2008-0086, install the latest service pack or security update for Microsoft SQL Server.
CVE-2008-0086 affects Microsoft SQL Server 2000 SP4 and MSDE 2000 SP4 installations.
Yes, CVE-2008-0086 can be exploited by remote authenticated users through crafted SQL expressions.
CVE-2008-0086 impacts various Microsoft SQL Server products, including SQL Server 2000 and Microsoft SQL Server Desktop Engine.