Summary
This host has Microsoft SQL Server, which is prone to Privilege Escalation Vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary code, with a crafted SQL expression or Exposure of sensitive information or Privilege escalation.
Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx
Insight
The flaws are due to
- error when initializing memory pages, while reallocating memory.
- buffer overflow error in the convert function, while handling malformed input strings.
- memory corruption error, while handling malformed data structures in on-disk files.
- buffer overflow error, while processing malformed insert statements.
Affected
Microsoft SQL Server 2000 Service Pack 4
Microsoft SQL Server 2005 Service Pack 2
Microsoft SQL Server 2005 Edition Service Pack 2
Microsoft SQL Server 2005 Express Edition Service Pack 2 Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 2
References
Severity
Classification
-
CVE CVE-2008-0085, CVE-2008-0086, CVE-2008-0106, CVE-2008-0107 -
CVSS Base Score: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C
Related Vulnerabilities
- Cumulative Security Update for Internet Explorer (953838)
- Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2870699)
- Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2879017)
- Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)
- .NET JIT Compiler Vulnerability