← Back

CVE-2008-0085

nvd nist
Published: Jul 8, 2008Modified: Apr 23, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.

Affected (16)

Microsoft
5 products
Data Engine
Sql Server
Sql Server Desktop Engine
Wyukon
Wmsde
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Data Engine
Version 1.0 sp4
Microsoft
Sql Server
Version 2000 sp4
Sql Server
Version 2000 sp4
Sql Server
Version 2005 sp1
Sql Server
Version 2005 sp1
Sql Server
Version 2005 sp1
Sql Server
Version 2005 sp1
Sql Server
Version 2005 sp2
Sql Server
Version 2005 sp2
Sql Server
Version 2005 sp2
Sql Server
Version 2005 sp2
Sql Server
Version 7.0 sp4
Sql Server Desktop Engine
Version 2000 sp4
Configuration B
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Wyukon
All versions
Running on/withPlatform Versions
Microsoft
Windows 2003 Server
All versions
Microsoft
Windows 2003 Server
All versions
Configuration C
2 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Wmsde
Version 2000
Wyukon
All versions
Running on/withPlatform Versions
Microsoft
Windows Server 2003
All versions
Microsoft
Windows Server 2003
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (18)

Source: secure@microsoft.com
Vendor Advisory
Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
Third Party AdvisoryUS Government Resource
Source: secure@microsoft.com
PatchThird Party Advisory
Source: secure@microsoft.com
Third Party Advisory
Source: secure@microsoft.com
Broken Link
Source: secure@microsoft.com
PatchVendor Advisory
Source: secure@microsoft.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.