Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2022-38031

Опубликовано: 11 окт. 2022
Источник: msrc
CVSS3: 8.8
EPSS Низкий

Описание

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

FAQ

How could an attacker exploit this vulnerability?

An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client.

Обновления

ПродуктСтатьяОбновление
Windows Server 2008 for 32-bit Systems Service Pack 2
50184505018446
Monthly RollupSecurity Only
Windows Server 2008 for x64-based Systems Service Pack 2
50184505018446
Monthly RollupSecurity Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
50184505018446
Monthly RollupSecurity Only
Windows 7 for 32-bit Systems Service Pack 1
50184545018479
Monthly RollupSecurity Only
Windows 7 for x64-based Systems Service Pack 1
50184545018479
Monthly RollupSecurity Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
50184545018479
Monthly RollupSecurity Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1
50184545018479
Monthly RollupSecurity Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
50184505018446
Monthly RollupSecurity Only
Windows Server 2012
50184575018478
Monthly RollupSecurity Only
Windows Server 2012 (Server Core installation)
50184575018478
Monthly RollupSecurity Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Unlikely

DOS

N/A

EPSS

Процентиль: 87%
0.0366
Низкий

8.8 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2022-38031

CVSS3: 8.8
nvd
больше 2 лет назад

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

github логотип

GHSA-mpmc-j3p7-4cq2

CVSS3: 8.8
github
больше 2 лет назад

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-37982.

fstec логотип

BDU:2022-06800

CVSS3: 8.8
fstec
больше 2 лет назад

Уязвимость драйвера WDAC OLE DB для SQL Server операционной системы Windows, позволяющая нарушителю выполнить произвольный код или выполнить произвольный код

EPSS

Процентиль: 87%
0.0366
Низкий

8.8 High

CVSS3