CVE-2008-0086

critical Microsoft
CVSS v3 Base Score
9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS Score
71.7%
Exploitation probability in 30 days
Top 1% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: July 8, 2008 (6518 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD

Description

Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.

CWE

CWE-119

Affected Products

microsoft data enginemicrosoft sql servermicrosoft sql server desktop enginemicrosoft sql server express edition

References

🔗 secunia.com 🔗 www.securityfocus.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 www.us-cert.gov