CVE-2008-4110

CVSS V2 High 7.6 CVSS V3 None
Description
Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
Overview
  • CVE ID
  • CVE-2008-4110
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2008-09-16T22:00:00
  • Last Modified Date
  • 2018-10-11T20:50:54
Weakness Enumerations
CWE URL
CWE-119 http://cwe.mitre.org/data/definitions/119.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:H/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • HIGH
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.6
  • Severity
  • HIGH
  • Exploitability Score
  • 4.9
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://www.securityfocus.com/bid/31129 Exploit
http://securityreason.com/securityalert/4262
https://exchange.xforce.ibmcloud.com/vulnerabilities/45186
http://www.securityfocus.com/archive/1/496232/100/0/threaded
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2008-4110
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4110
History
Created Old Value New Value Data Type Notes
2022-05-10 18:27:54 Added to TrackCVE