Reported vulnerabilities on SQL Server Compact Edition


Software Engineer

Aug 14, 2018, 2:46:40 AM
to Dependency Check

On running a dependency check on my project's library, the tool reported multiple vulnerabilities in System.Data.SqlServerCe.dll, with CVE-2012-1856 having the highest score of 9.3.

The version of the said DLL I have is from SQL Server Compact Edition 4.0 SP1 which I believe is the latest version available.

In the Published Vulnerabilities list, under Vulnerable Software & Versions, SQL Server Compact Edition is not listed explicitly, though other versions of SQL Server are listed. How can we confirm whether the reported vulnerability actually exists or is just a false positive?

Jeremy Long

Aug 14, 2018, 7:32:45 AM
to soft...@gmail.com, Dependency Check

As SQL Server Compact Edition is not explicitly listed, it may not be vulnerable. However, to be sure you would need to contact Microsoft.

One thing to note: the vulnerability is in the common controls. I do not know enough about the Compact Edition to know whether any of the common controls are installed with it.

--Jeremy
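The thread ends with "contact Microsoft"; what a practitioner then needs is a way to record the outcome in dependency-check so the finding stops reappearing on every scan without silencing other findings on the same file. The following suppression file is an added example and is not code from the thread or from the Dependency Check project itself; it assumes the vendor has confirmed that CVE-2012-1856 does not apply to this DLL, and the SHA-1 value is a placeholder to be replaced with the hash dependency-check prints for the scanned copy of System.Data.SqlServerCe.dll.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example (not from the thread). Pins the suppression to one
     binary and one CVE so that a different build of the DLL, or a new
     CVE matched against it, is still reported. -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <notes><![CDATA[
        file name: System.Data.SqlServerCe.dll (SQL Server Compact Edition 4.0 SP1)
        reason: vendor confirmed the CVE does not apply to Compact Edition.
        Record the vendor reference here before committing this suppression.
        ]]></notes>
        <!-- Placeholder: use the SHA-1 shown in the dependency-check report. -->
        <sha1>REPLACE_WITH_SHA1_FROM_REPORT</sha1>
        <!-- Suppress only the CVE that was assessed, not every finding on the file. -->
        <cve>CVE-2012-1856</cve>
    </suppress>
</suppressions>
```

Pass the file to the scanner with the CLI option `--suppression <path>`. Matching on `<sha1>` rather than on a file-name regex is the safer choice here: the moment the DLL is replaced by a different build, the hash no longer matches and the CVE is reported again for a fresh assessment.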
