Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability."
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
Microsoft Data Engine 1.0 SP4 (not an official CPE)
Microsoft WYukon SP2 x64 (not an official CPE)
Microsoft WYukon SP2 (not an official CPE)
Microsoft WMSDE 2000 (not an official CPE)
Microsoft SQL Server Desktop Engine 2000 SP4 (not an official CPE)
Microsoft SQL Server 2005 SP2 x64 (not an official CPE)
Microsoft SQL Server 2005 SP2 Itanium (not an official CPE)
Microsoft SQL Server 2005 SP2 Express (not an official CPE)
Microsoft SQL Server 2005 Service Pack 2
Microsoft SQL Server 2005 SP1 x64 (not an official CPE)
Microsoft SQL Server 2005 SP1 Itanium (not an official CPE)
Microsoft SQL Server 2005 SP1 Express (not an official CPE)
Microsoft SQL Server 2000 SP4 Itanium (not an official CPE)
Microsoft SQL Server 2005 Service Pack 1
Microsoft SQL Server 2000 Service Pack 4
Microsoft SQL Server 7.0 Service Pack 4
KB948108 | MS08-040 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege
KB948109 | MS08-040 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege
KB948110 | MS08-040 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege
KB948111 | MS08-040 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege
KB948113 | MS08-040 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege