Secunia

Four vulnerabilities have been reported in Microsoft SQL Server, which can be exploited by malicious users to gain escalated privileges.

1) An error in the way memory page reuse is managed can be exploited by users with database operator access to gain knowledge of potentially sensitive information (e.g. data from another user's session).

2) A boundary error in the convert function when converting SQL expressions from one data type to another can be exploited to cause a buffer overflow via an overly long, specially crafted expression.

Successful exploitation may allow execution of arbitrary code with escalated privileges.

3) An error when processing database backup files can be exploited to cause a heap-based buffer overflow by loading a specially crafted database backup file via e.g. the RESTORE TSQL statement.

Successful exploitation may allow execution of arbitrary code with escalated privileges.

4) A boundary error when handling insert statements can be exploited to cause a buffer overflow via a specially crafted insert statement.

Successful exploitation may allow execution of arbitrary code with escalated privileges.

Solution
Apply patches.
Further details available in Customer Area

Provided and/or discovered by
1) The vendor credits an anonymous person.
2) The vendor credits an anonymous person.
3) Brett Moore, Insomnia Security via iDefense.
4) The vendor credits an anonymous person.

Changelog
Further details available in Customer Area

Original Advisory
MS08-040 (KB941203):
http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=723

Insomnia Security:
http://www.insomniasec.com/advisories/ISVA-080709.1.htm

Deep Links
Links available in Customer Area