Vulnerability Name: CVE-2008-0085 (CCN-41459) Assigned: 2008-07-08 Published: 2008-07-08 Updated: 2019-02-28 Summary: SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse. CVSS v3 Severity: 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N 3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-200 Vulnerability Consequences: Obtain Information References: Source: MITRECVE-2008-0085 Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-037 to MS08-040 Microsoft SQL Server and MSDE Multiple Vulnerabilities 30970 VMware vCenter Server / Update Manager SQL Express Multiple Vulnerabilities Microsoft SQL Server Bugs Let Remote Authenticated Users Obtain Information and Execute Arbitrary Code MS08-040 Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) Centrex IP Client Manager (CICM) response to Microsoft July security bulletin Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX Microsoft SQL Server Memory Page Reuse Information Disclosure Vulnerability 1020441 TA08-190A Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.vmware.com/security/advisories/VMSA-2011-0003.html http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html ADV-2008-2022 MS08-040 mssql-page-reuse-information-disclosure(41459) oval:org.mitre.oval:def:14213 Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:data_engine:1.0:sp4:*:*:*:*:*:* OR cpe:/a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:* OR cpe:/a:microsoft:sql_server:2000:sp4:*:*:*:*:*:* OR cpe:/a:microsoft:sql_server:2000:sp4:*:*:*:*:itanium:* OR cpe:/a:microsoft:sql_server:2005:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:sql_server:2005:sp1:*:*:*:*:itanium:* OR cpe:/a:microsoft:sql_server:2005:sp1:*:*:*:*:x64:* OR cpe:/a:microsoft:sql_server:2005:sp1:express:*:*:*:*:* OR cpe:/a:microsoft:sql_server:2005:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:sql_server:2005:sp2:*:*:*:*:itanium:* OR cpe:/a:microsoft:sql_server:2005:sp2:*:*:*:*:x64:* OR cpe:/a:microsoft:sql_server:2005:sp2:express:*:*:*:*:* OR cpe:/a:microsoft:sql_server_desktop_engine:2000:sp4:*:*:*:*:*:* Configuration 2 :cpe:/a:microsoft:wmsde:2000:*:*:*:*:*:*:* OR cpe:/a:microsoft:wyukon:*:sp2:*:*:*:*:*:* AND cpe:/o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:* Configuration 3 :cpe:/a:microsoft:wmsde:2000:*:*:*:*:*:*:* OR cpe:/a:microsoft:wyukon:*:sp2:*:*:*:*:x64:* AND cpe:/o:microsoft:windows_server_2003:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:microsoft:sql_server_desktop_engine:2000:*:*:*:*:*:*:* OR cpe:/a:microsoft:sql_server:2000:sp4:*:*:*:*:*:* OR cpe:/a:microsoft:sql_server:2005:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:* OR cpe:/a:microsoft:sql_server:2005:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:sql_server:2000:sp4:itanium:*:*:*:*:* OR cpe:/a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:* OR cpe:/a:microsoft:sql_server:2005:sp1:x64:*:*:*:*:* OR cpe:/a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:* OR cpe:/a:microsoft:sql_server:2005:sp1:itanium:*:*:*:*:* OR cpe:/a:microsoft:sql_server:2005:sp2:express:*:*:*:*:* OR cpe:/a:microsoft:sql_server:2005:sp1:express:*:*:*:*:* OR cpe:/a:microsoft:data_engine:1.0:sp4:*:*:*:*:*:* OR cpe:/a:microsoft:sql_server_desktop_engine:2000:sp4:*:*:*:*:*:* AND cpe:/a:vmware:vcenter_update_manager:4.0:*:*:*:*:*:*:* OR cpe:/a:vmware:vcenter_server:4.1:*:*:*:*:*:*:* Oval Definitions BACK
microsoft data engine 1.0 sp4
microsoft sql server 7.0 sp4
microsoft sql server 2000 sp4
microsoft sql server 2000 sp4
microsoft sql server 2005 sp1
microsoft sql server 2005 sp1
microsoft sql server 2005 sp1
microsoft sql server 2005 sp1
microsoft sql server 2005 sp2
microsoft sql server 2005 sp2
microsoft sql server 2005 sp2
microsoft sql server 2005 sp2
microsoft sql server desktop engine 2000 sp4
microsoft wmsde 2000
microsoft wyukon * sp2
microsoft windows 2003 server - sp1
microsoft windows 2003 server - sp2
microsoft wmsde 2000
microsoft wyukon * sp2
microsoft windows server 2003 *
microsoft windows server 2003 - sp2
microsoft sql server desktop engine 2000
microsoft sql server 2000 sp4
microsoft sql server 2005 sp1
microsoft sql server 7.0 sp4
microsoft sql server 2005 sp2
microsoft sql server 2000 sp4
microsoft sql server 2005 sp2
microsoft sql server 2005 sp1
microsoft sql server 2005 sp2
microsoft sql server 2005 sp1
microsoft sql server 2005 sp2
microsoft sql server 2005 sp1
microsoft data engine 1.0 sp4
microsoft sql server desktop engine 2000 sp4
vmware vcenter update manager 4.0
vmware vcenter server 4.1
Denotes that component is vulnerable