CVE-2008-0086

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server 2000 SP4 Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP4 Microsoft SQL Server 2000 Desktop Engine (WMSDE) SP4

Description A buffer overflow issue exists in the convert function of SQL Server, allowing remote authenticated users to execute arbitrary code via a crafted SQL expression. This could enable an authenticated attacker to gain elevation of privilege, potentially running code and taking complete control of the system.

Recommendations For Microsoft SQL Server 2000 SP4, consider restricting access to the convert function until a patch is available. For Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP4, restrict the use of crafted SQL expressions to minimize the risk of exploitation. For Microsoft SQL Server 2000 Desktop Engine (WMSDE) SP4, avoid using the convert function with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.