Check Point Advisories

Update Protection against Microsoft SQL Server Convert Function Buffer Overrun Vulnerability (MS08-040)

Check Point Reference: CPAI-2008-101
Date Published: 18 Jul 2008
Severity: Medium
Last Updated: Sunday 20 July, 2008
Source: Microsoft Security Bulletin MS08-040
Industry Reference: CVE-2008-0086
Protection Provided by:
Who is Vulnerable? Microsoft SQL Server 2000
Microsoft SQL Server 2000 Desktop Engine
Vulnerability Description: A buffer overflow vulnerability was reported in Microsoft SQL Server, a relational database management system (RDBMS). A remote attacker may exploit this vulnerability to run code on a vulnerable system.
Update/Patch Available: Apply patches:
Microsoft Security Bulletin MS08-040
Vulnerability Details: The vulnerability is due to insufficient data validation when processing parameters passed to the CONVERT function in an SQL statement. An attacker can create a query that calls the CONVERT function with a specially crafted expression, causing the function to overflow and allowing code execution. Successful exploitation of this issue may allow the attacker to take complete control of the target system.

Protection Overview
