Vulnerability Description
SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Data Engine | 1.0 |
| Microsoft | Sql Server | 7.0 |
| Microsoft | Sql Server Desktop Engine | 2000 |
| Microsoft | Wmsde | 2000 |
| Microsoft | Wyukon | All versions |
| Microsoft | Windows 2003 Server | - |
| Microsoft | Windows Server 2003 | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30970Vendor Advisory
- http://www.securityfocus.com/archive/1/516397/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1020441Third Party AdvisoryVDB Entry
- http://www.us-cert.gov/cas/techalerts/TA08-190A.htmlThird Party AdvisoryUS Government Resource
- http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlPatchThird Party Advisory
- http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.htmlThird Party Advisory
- http://www.vupen.com/english/advisories/2008/2022/referencesBroken Link
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-04PatchVendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
- http://secunia.com/advisories/30970Vendor Advisory
- http://www.securityfocus.com/archive/1/516397/100/0/threadedThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1020441Third Party AdvisoryVDB Entry
- http://www.us-cert.gov/cas/techalerts/TA08-190A.htmlThird Party AdvisoryUS Government Resource
- http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlPatchThird Party Advisory
- http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.htmlThird Party Advisory
FAQ
What is CVE-2008-0085?
CVE-2008-0085 is a vulnerability with a CVSS score of 5.0 (MEDIUM). SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Intern...
How severe is CVE-2008-0085?
CVE-2008-0085 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0085?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Data Engine, Microsoft Sql Server, Microsoft Sql Server Desktop Engine, Microsoft Wmsde, Microsoft Wyukon.