| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS08-040 | Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) | Microsoft Data | Critical | 09-07-2008 |
Technical Information
Brief overview of the risk:
An information disclosure vulnerability exists in the way that SQL Server manages memory page reuse. An attacker with database operator access who successfully exploited this vulnerability could access customer data.
Detailed Information on the risk:
The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.Further information on this exploit is available at : MS08-040
Affected Software
Microsoft Data Engine (MSDE) 1.0 Service Pack 4Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 4
Microsoft SQL Server 2000 Desktop Engine (WMSDE)
Microsoft SQL Server 2000 Itanium-based Edition Service Pack 4
Microsoft SQL Server 2000 Service Pack 4
Microsoft SQL Server 2005 Express Edition Service Pack 2
Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 2
Microsoft SQL Server 2005 with SP2 for Itanium-based Systems
Microsoft SQL Server 2005 x64 Edition Service Pack 2
Microsoft SQL Server 7.0 Service Pack 4
Windows Internal Database (WYukon) Service Pack 2
Windows Internal Database (WYukon) x64 Edition Service Pack 2