Microsoft SQL Server Multiple Vulnerabilities( 09 July 2008 )

Last Update Date: 28 Jan 2011 Release Date: 9 Jul 2008 5321 Views

RISK: Medium Risk

1. Memory Page Reuse Vulnerability

An information disclosure vulnerability exists in the way that SQL Server manages memory page reuse. An attacker with database operator access who successfully exploited this vulnerability could access customer data.

2. Convert Buffer Overrun

A vulnerability exists in the convert function in SQL Server that could allow an authenticated attacker to gain elevation of privilege. An attacker who successfully exploited this vulnerability could run code and take complete control of the system.

3. SQL Server Memory Corruption Vulnerability

A vulnerability exists in SQL Server that could allow an authenticated attacker to gain elevation of privilege. An attacker who successfully exploited this vulnerability could run code and take complete control of the system.

4. SQL Server Buffer Overrun Vulnerability

Impact

Elevation of Privilege

System / Technologies affected

SQL Server 7.0
SQL Server 2000
Microsoft Data Engine (MSDE) 1.0
Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
Microsoft SQL Server 2005 Express Edition
Microsoft Windows 2000
- Microsoft SQL Server 2000 Desktop Engine (WMSDE)
Windows Server 2003
- Microsoft SQL Server 2000 Desktop Engine (WMSDE)
- Windows Internal Database (WYukon)
Windows Server 2008
- Windows Internal Database (WYukon)

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch

SQL Server

GDR Software Updates	QFE Software Updates
SQL Server 7.0 Service Pack 4(KB948113)	SQL Server 7.0 Service Pack 4(KB948113)
SQL Server 2000 Service Pack 4(KB948110)	SQL Server 2000 Service Pack 4(KB948111)
SQL Server 2000 Itanium-based Edition Service Pack 4(KB948110)	SQL Server 2000 Itanium-based Edition Service Pack 4(KB948111)
SQL Server 2005 Service Pack 2(KB948109)	SQL Server 2005 Service Pack 2(KB948108)
SQL Server 2005 x64 Edition Service Pack 2(KB948109)	SQL Server 2005 x64 Edition Service Pack 2(KB948108)
SQL Server 2005 with SP2 for Itanium-based Systems(KB948109)	SQL Server 2005 with SP2 for Itanium-based Systems(KB948108)
Microsoft Data Engine (MSDE) 1.0 Service Pack 4(KB948113)	Microsoft Data Engine (MSDE) 1.0 Service Pack 4(KB948113)
Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 4(KB948110)	Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 4(KB948111)
Microsoft SQL Server 2005 Express Edition Service Pack 2(KB948109)	Microsoft SQL Server 2005 Express Edition Service Pack 2(KB948108)
Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 2(KB948109)	Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 2(KB948108)

Windows Components

Microsoft Windows 2000 Service Pack 4
- Microsoft SQL Server 2000 Desktop Engine (WMSDE)
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
- Microsoft SQL Server 2000 Desktop Engine (WMSDE)
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
- Windows Internal Database (WYukon) Service Pack 2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
- Microsoft SQL Server 2000 Desktop Engine (WMSDE)
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
- Windows Internal Database (WYukon) x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems
- Windows Internal Database (WYukon) Service Pack 2
Windows Server 2008 for x64-based Systems
- Windows Internal Database (WYukon) x64 Edition Service Pack 2

Microsoft SQL Server Multiple Vulnerabilities( 09 July 2008 )

Impact

System / Technologies affected

Solutions

Vulnerability Identifier

Source

Related Link