Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability."
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: microsoft
Published: 2008-07-08T23:00:00
Updated: 2018-10-15T20:57:01
Reserved: 2008-01-07T00:00:00
Link: CVE-2008-0107
JSON object: View
NVD Information
Status : Modified
Published: 2008-07-08T23:41:00.000
Modified: 2019-02-26T14:04:00.993
Link: CVE-2008-0107
JSON object: View
Redhat Information
No data.
CWE