Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka SQL Server Memory Corruption Vulnerability.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Data_engine | Microsoft | 1.0-sp4 (including) | 1.0-sp4 (including) |
| Sql_server | Microsoft | 7.0-sp4 (including) | 7.0-sp4 (including) |
| Sql_server | Microsoft | 2000-sp4 (including) | 2000-sp4 (including) |
| Sql_server | Microsoft | 2005-sp1 (including) | 2005-sp1 (including) |
| Sql_server | Microsoft | 2005-sp2 (including) | 2005-sp2 (including) |
| Sql_server_desktop_engine | Microsoft | 2000-sp4 (including) | 2000-sp4 (including) |