CVE-2008-0085

medium

Microsoft

CVSS v3 Base Score

5.0

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS Score

30.4%

Exploitation probability in 30 days

Top 3% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

None

Availability

None

Published: July 8, 2008 (6518 days ago)

Last Modified: April 23, 2026

Vendor: Microsoft

Source: NVD

Description

SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.

CWE

CWE-200

Affected Products

microsoft data enginemicrosoft sql servermicrosoft sql server desktop enginemicrosoft wmsdemicrosoft wyukon

References

🔗 secunia.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 www.us-cert.gov 🔗 www.vmware.com

CVE-2008-0085

Vulnerability Report

Description

CWE

Affected Products

References