CVE-2008-0085
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.
SQL Server versiones 7.0 SP4, 2000 SP4, 2005 SP1 y SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 y SP2, y 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) versión 1.0 SP4; y Internal Database (WYukon) SP2, no inicializa las páginas de memoria al reasignar memoria, lo que permite a los operadores de bases de datos conseguir información confidencial (contenido de base de datos) mediante vectores desconocidos relacionados con la reutilización de páginas de memoria.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-01-03 CVE Reserved
- 2008-07-08 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-02 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/516397/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1020441 | Third Party Advisory | |
| http://www.us-cert.gov/cas/techalerts/TA08-190A.html | Third Party Advisory | |
| http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2008/2022/references | Broken Link | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14213 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.vmware.com/security/advisories/VMSA-2011-0003.html | 2019-02-28 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040 | 2019-02-28 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/30970 | 2019-02-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Wmsde Search vendor "Microsoft" for product "Wmsde" | 2000 Search vendor "Microsoft" for product "Wmsde" and version "2000" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | - | sp1 |
Safe
|
| Microsoft Search vendor "Microsoft" | Wmsde Search vendor "Microsoft" for product "Wmsde" | 2000 Search vendor "Microsoft" for product "Wmsde" and version "2000" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | - | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Wyukon Search vendor "Microsoft" for product "Wyukon" | * | sp2 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | - | sp1 |
Safe
|
| Microsoft Search vendor "Microsoft" | Wyukon Search vendor "Microsoft" for product "Wyukon" | * | sp2 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | - | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Wmsde Search vendor "Microsoft" for product "Wmsde" | 2000 Search vendor "Microsoft" for product "Wmsde" and version "2000" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Wmsde Search vendor "Microsoft" for product "Wmsde" | 2000 Search vendor "Microsoft" for product "Wmsde" and version "2000" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | - | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Wyukon Search vendor "Microsoft" for product "Wyukon" | * | sp2, x64 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Wyukon Search vendor "Microsoft" for product "Wyukon" | * | sp2, x64 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | - | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Data Engine Search vendor "Microsoft" for product "Data Engine" | 1.0 Search vendor "Microsoft" for product "Data Engine" and version "1.0" | sp4 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sql Server Search vendor "Microsoft" for product "Sql Server" | 7.0 Search vendor "Microsoft" for product "Sql Server" and version "7.0" | sp4 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sql Server Search vendor "Microsoft" for product "Sql Server" | 2000 Search vendor "Microsoft" for product "Sql Server" and version "2000" | sp4 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sql Server Search vendor "Microsoft" for product "Sql Server" | 2000 Search vendor "Microsoft" for product "Sql Server" and version "2000" | sp4, itanium |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sql Server Search vendor "Microsoft" for product "Sql Server" | 2005 Search vendor "Microsoft" for product "Sql Server" and version "2005" | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sql Server Search vendor "Microsoft" for product "Sql Server" | 2005 Search vendor "Microsoft" for product "Sql Server" and version "2005" | sp1, itanium |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sql Server Search vendor "Microsoft" for product "Sql Server" | 2005 Search vendor "Microsoft" for product "Sql Server" and version "2005" | sp1, x64 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sql Server Search vendor "Microsoft" for product "Sql Server" | 2005 Search vendor "Microsoft" for product "Sql Server" and version "2005" | sp1, express |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sql Server Search vendor "Microsoft" for product "Sql Server" | 2005 Search vendor "Microsoft" for product "Sql Server" and version "2005" | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sql Server Search vendor "Microsoft" for product "Sql Server" | 2005 Search vendor "Microsoft" for product "Sql Server" and version "2005" | sp2, itanium |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sql Server Search vendor "Microsoft" for product "Sql Server" | 2005 Search vendor "Microsoft" for product "Sql Server" and version "2005" | sp2, x64 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sql Server Search vendor "Microsoft" for product "Sql Server" | 2005 Search vendor "Microsoft" for product "Sql Server" and version "2005" | sp2, express |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Sql Server Desktop Engine Search vendor "Microsoft" for product "Sql Server Desktop Engine" | 2000 Search vendor "Microsoft" for product "Sql Server Desktop Engine" and version "2000" | sp4 |
Affected
| ||||||