Описание
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
FAQ
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an un-authenticated user into attempting to connect to a malicious SQL server database via ODBC. This could result in the database returning malicious data that might cause arbitrary code execution on the client.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4 (QFE) | - | |
| Microsoft SQL Server 2012 for 32-bit Systems Service Pack 4 (QFE) | - | |
| Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE) | - | |
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | ||
| Microsoft SQL Server 2008 R2 for 32-Bit Systems Service Pack 3 (QFE) | - | |
| Microsoft SQL Server 2008 R2 for x64-Based Systems Service Pack 3 (QFE) | - | |
| Microsoft SQL Server 2008 for x64-Based Systems Service Pack 4 (QFE) | - | |
| Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR) | ||
| Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR) | ||
| Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU 4) |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.8 High
CVSS3
Связанные уязвимости
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Microsoft SQL ODBC Driver Remote Code Execution Vulnerability
Уязвимость драйвера WDAC OLE DB для SQL Server операционных систем Windows, позволяющая нарушителю выполнить произвольный код
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
EPSS
7.8 High
CVSS3