Summary
This host has Microsoft SQL Server, which is prone to Privilege Escalation Vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary code, with a crafted SQL expression or Exposure of sensitive information or Privilege escalation.
Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx
Insight
The flaws are due to
- error when initializing memory pages, while reallocating memory.
- buffer overflow error in the convert function, while handling malformed input strings.
- memory corruption error, while handling malformed data structures in on-disk files.
- buffer overflow error, while processing malformed insert statements.
Affected
Microsoft SQL Server 2000 Service Pack 4
Microsoft SQL Server 2005 Service Pack 2
Microsoft SQL Server 2005 Edition Service Pack 2
Microsoft SQL Server 2005 Express Edition Service Pack 2 Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 2
References
Severity
Classification
-
CVE CVE-2008-0085, CVE-2008-0086, CVE-2008-0106, CVE-2008-0107 -
CVSS Base Score: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C
Related Vulnerabilities
- Checks for MS HOTFIX for snmp buffer overruns
- Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)
- Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)
- ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)
- Microsoft DirectShow Remote Code Execution Vulnerability (961373)