<< Back
CVE Number Vulnerability Product Severity Date
MS08-040 Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) Microsoft Data Critical 09-07-2008

Technical Information

Brief overview of the risk:
An information disclosure vulnerability exists in the way that SQL Server manages memory page reuse. An attacker with database operator access who successfully exploited this vulnerability could access customer data.
Detailed Information on the risk:
The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.Further information on this exploit is available at : MS08-040

Affected Software

Microsoft Data Engine (MSDE) 1.0 Service Pack 4
Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 4
Microsoft SQL Server 2000 Desktop Engine (WMSDE)
Microsoft SQL Server 2000 Itanium-based Edition Service Pack 4
Microsoft SQL Server 2000 Service Pack 4
Microsoft SQL Server 2005 Express Edition Service Pack 2
Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 2
Microsoft SQL Server 2005 with SP2 for Itanium-based Systems
Microsoft SQL Server 2005 x64 Edition Service Pack 2
Microsoft SQL Server 7.0 Service Pack 4
Windows Internal Database (WYukon) Service Pack 2
Windows Internal Database (WYukon) x64 Edition Service Pack 2