|
|
|||
| Rule General Information |
|---|
| Release Date: | 2014-12-16 | |
| Rule Name: | Microsoft SQL Server Backup Restoring Memory Corruption Vulnerability -3 (CVE-2008-0107) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (4) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow. | |
| Impact: | Remote code execution | |
| Affected OS: | Windows | |
| Reference: | CVE-2008-0107 SecurityFocusBID:30119 |
|
| Solutions |
|---|
| Update vendor's patch. |