CVE-2024-21353

Опубликовано: 13 фев. 2024

Источник: msrc

CVSS3: 8.8

EPSS Низкий

Описание

Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability

FAQ

According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?

An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.

Обновления

Продукт	Статья	Обновление
Windows Server 2022, 23H2 Edition (Server Core installation)	5034769	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 83%

0.01901

Низкий

8.8 High

CVSS3

Связанные уязвимости

CVE-2024-21353

CVSS3: 8.8

nvd

почти 2 года назад

Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability

GHSA-6x2q-4wwr-j5p2

CVSS3: 8.8

github

почти 2 года назад

Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability

BDU:2024-01437

CVSS3: 8.8

fstec

почти 2 года назад

Уязвимость драйвера WDAC OLE DB для SQL Server операционных систем Windows, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 83%

0.01901

Низкий

8.8 High

CVSS3