Unrated severityNVD Advisory· Published Jul 8, 2008· Updated Apr 23, 2026
CVE-2008-0086
CVE-2008-0086
Description
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
Affected products
6cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server:2000:sp4:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server_desktop_engine:2000:sp4:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server_express_edition:2005:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:data_engine:1.0:sp4:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- www.us-cert.gov/cas/techalerts/TA08-190A.htmlnvdUS Government Resource
- secunia.com/advisories/30970nvd
- www.securityfocus.com/archive/1/494082/100/0/threadednvd
- www.securityfocus.com/archive/1/516397/100/0/threadednvd
- www.securitytracker.com/idnvd
- www.vmware.com/security/advisories/VMSA-2011-0003.htmlnvd
- www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.htmlnvd
- www.vupen.com/english/advisories/2008/2022/referencesnvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-040nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14052nvd
News mentions
0No linked articles in our index yet.