Oval Definition:oval:org.mitre.oval:def:14213
Revision Date:2013-10-07Version:10
Title:Memory Page Reuse Vulnerability in SQL Server
Description:SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2008-0085
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Product(s):Microsoft SQL Server 2000
Microsoft SQL Server 2000 Desktop Engine (WMSDE)
Microsoft SQL Server 2005
Windows Internal Database (WYukon)
Definition Synopsis
  • SQL Server 2000 SP4 - GDR
  • SQL Server 2000 is installed
  • AND SQL Server 2000 GDR - the version of sqlservr.exe is greater than 2000.80.2000.0
  • AND Check if version of Sqlservr.exe is less than 2000.80.2050.0
  • OR SQL Server 2000 SP4- QFE
  • SQL Server 2000 is installed
  • AND SQL Server 2000 GDR - the version of sqlservr.exe is greater than 2000.80.2000.0
  • AND Check if version of Sqlservr.exe is less than 2000.80.2273.0
  • OR SQL Server 2005 SP2 - GDR
  • Check for SQL server 2005 SP2 and Vulnerable sqlservr.exe
  • Microsoft SQL Server 2005 SP2 is installed
  • AND The version of Sqlservr.exe is greater than or equal to 2005.90.3042.0
  • AND Check if version of Sqlservr.exe is less than 2005.90.3068.0
  • OR Check for SQL server 2005 SP2 and Vulnerable msdtssrvr.exe
  • Microsoft SQL Server 2005 is installed
  • AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\90\DTS\Setup\\SP equals 2
  • AND Check if version of Msdtssrvr.exe is less than 9.0.3068.0
  • AND The version of Msdtssrvr.exe is greater than or equal to 9.0.3042.0
  • OR SQL Server 2005 SP2 - QFE
  • Check for SQL server 2005 SP2 and Vulnerable sqlservr.exe
  • Microsoft SQL Server 2005 SP2 is installed
  • AND The version of Sqlservr.exe is greater than or equal to 2005.90.3150.0
  • AND Check if version of Sqlservr.exe is less than 2005.90.3233.0
  • OR Check for SQL server 2005 SP2 and Vulnerable msdtssrvr.exe
  • Microsoft SQL Server 2005 is installed
  • AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\90\DTS\Setup\\SP equals 2
  • AND Check if version of Msdtssrvr.exe is less than 9.0.3233.0
  • AND The version of Msdtssrvr.exe is greater than or equal to 9.0.3150.0
    • BACK