CVE-2008-0106

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server 2005 SP1 Microsoft SQL Server 2005 SP2 Microsoft SQL Server 2005 Express Edition SP1 Microsoft SQL Server 2005 Express Edition SP2

Description A buffer overflow issue exists, allowing remote authenticated users to execute arbitrary code via a crafted insert statement. This could enable an authenticated attacker to gain elevation of privilege, potentially running code and taking complete control of the system.

Recommendations For Microsoft SQL Server 2005 SP1, update to a version that includes the fix for this issue. For Microsoft SQL Server 2005 SP2, update to a version that includes the fix for this issue. For Microsoft SQL Server 2005 Express Edition SP1, update to a version that includes the fix for this issue. For Microsoft SQL Server 2005 Express Edition SP2, update to a version that includes the fix for this issue.