CVE-2008-4110

high Microsoft
CVSS v3 Base Score
7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS Score
38.3%
Exploitation probability in 30 days
Top 3% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Confidentiality
C
Integrity
C
Availability
C
Published: September 16, 2008 (6448 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD

Description

Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.

CWE

CWE-119

Affected Products

microsoft sql server

References

🔗 securityreason.com 🔗 www.securityfocus.com 🔗 www.securityfocus.com 🔗 exchange.xforce.ibmcloud.com 🔗 securityreason.com