What is the severity of CVE-2008-0107?

CVE-2008-0107 has a medium severity due to its potential for unauthorized remote code execution.

How do I fix CVE-2008-0107?

To remediate CVE-2008-0107, users should apply the latest security patches provided by Microsoft for affected SQL Server versions.

Which versions are affected by CVE-2008-0107?

CVE-2008-0107 affects Microsoft SQL Server 7.0 SP4, 2000 SP4, 2005 SP1, and SP2, among other related products.

Can CVE-2008-0107 be exploited remotely?

Yes, CVE-2008-0107 can be exploited by remote authenticated users, allowing them to execute arbitrary code.

What type of vulnerability is CVE-2008-0107?

CVE-2008-0107 is classified as an integer underflow vulnerability affecting the SQL Server database engine.

Vulnerability/
CVE-2008-0107

critical

CWE

189 119

8/7/2008

7/8/2024

CVE-2008-0107: Buffer Overflow

First published: Tue Jul 08 2008(Updated: )

Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability."

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft SQL Server	=2005-sp1
Microsoft SQL Server	=2005-sp1
Microsoft SQL Server	=2000-sp4
Microsoft SQL Server	=2005-sp1
Microsoft SQL Server	=2005-sp1
Microsoft SQL Server	=7.0-sp4
Microsoft SQL Server	=2005-sp2
Microsoft SQL Server	=2000-sp4
Microsoft SQL Server Data Engine (MSDE)	=1.0-sp4
Microsoft SQL Server	=2005-sp2
Microsoft SQL Server	=2005-sp2
Microsoft SQL Server	=2000-sp4
Microsoft SQL Server	=2005-sp2
Microsoft Windows Media Services	=2000
Microsoft Yukon	=sp2
Microsoft Windows Server 2003	=sp1
Microsoft Windows Server 2003	=sp2
Microsoft Yukon	=sp2
Microsoft Windows Server
Microsoft Windows Server	=sp2
Microsoft Windows Server
Microsoft Windows Server

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2008-0107?
CVE-2008-0107 has a medium severity due to its potential for unauthorized remote code execution.
How do I fix CVE-2008-0107?
To remediate CVE-2008-0107, users should apply the latest security patches provided by Microsoft for affected SQL Server versions.
Which versions are affected by CVE-2008-0107?
CVE-2008-0107 affects Microsoft SQL Server 7.0 SP4, 2000 SP4, 2005 SP1, and SP2, among other related products.
Can CVE-2008-0107 be exploited remotely?
Yes, CVE-2008-0107 can be exploited by remote authenticated users, allowing them to execute arbitrary code.
What type of vulnerability is CVE-2008-0107?
CVE-2008-0107 is classified as an integer underflow vulnerability affecting the SQL Server database engine.

agent/type
agent/weakness
agent/severity
agent/references
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/microsoft
canonical/microsoft sql server
version/microsoft sql server/2005-sp1
version/microsoft sql server/2000-sp4
version/microsoft sql server/7.0-sp4
version/microsoft sql server/2005-sp2
canonical/microsoft sql server data engine (msde)
version/microsoft sql server data engine (msde)/1.0-sp4
canonical/microsoft windows media services
version/microsoft windows media services/2000
canonical/microsoft yukon
version/microsoft yukon/sp2
canonical/microsoft windows server 2003
version/microsoft windows server 2003/sp1
version/microsoft windows server 2003/sp2
canonical/microsoft windows server
version/microsoft windows server/sp2