MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote Microsoft SQL Server install is vulnerable to memory
corruption flaws.

Description :

The remote host is running a version of Microsoft SQL Server, Desktop
Engine or Internal Database that is vulnerable to multiple memory
corruption issues.

These vulnerabilities may allow an attacker to gain elevates
privileges on the server.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms08-040

Solution :

Microsoft has released a set of patches for SQL Server 7, 2000 and
2005.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 6.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 33444 ()

Bugtraq ID: 30082
30083
30118
30119

CVE ID: CVE-2008-0085
CVE-2008-0086
CVE-2008-0106
CVE-2008-0107