{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Microsoft SQL Server 7.0 ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft SQL Server 2000 ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft SQL Server 2005 Express Edition ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"la base de donn\u00e9es interne Windows (WYukon).","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft SQL Server 2000 Desktop Engine (WMSDE) ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft SQL Server 2005 ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Data Engine (MSDE) 1.0 ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nDes vuln\u00e9rabilit\u00e9s affectent la r\u00e9utilisation des pages, l'allocation de\nm\u00e9moire de la fonction CONVERT, la validation des fichiers sur disque\navant leur chargement et la validation des instructions INSERT. Ces\nvuln\u00e9rabilit\u00e9s permettent \u00e0 une personne malveillante d'effectuer une\n\u00e9l\u00e9vation de privil\u00e8ges et d'ex\u00e9cuter du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2008-0107","url":"https://www.cve.org/CVERecord?id=CVE-2008-0107"},{"name":"CVE-2008-0085","url":"https://www.cve.org/CVERecord?id=CVE-2008-0085"},{"name":"CVE-2008-0086","url":"https://www.cve.org/CVERecord?id=CVE-2008-0086"},{"name":"CVE-2008-0106","url":"https://www.cve.org/CVERecord?id=CVE-2008-0106"}],"links":[],"reference":"CERTA-2008-AVI-356","revisions":[{"description":"version initiale.","revision_date":"2008-07-09T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"Plusieurs vuln\u00e9rabilit\u00e9s dans le serveur <span class=\"textit\">Microsoft\nSQL Server</span> permettent \u00e0 une personne malveillante d'effectuer une\n\u00e9l\u00e9vation de privil\u00e8ges et d'ex\u00e9cuter du code arbitraire \u00e0 distance.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans Microsoft SQL Server","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Microsoft MS08-040 du 08 juillet 2008","url":"http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx"}]}