Описание
SQL Server Native Client Remote Code Execution Vulnerability
FAQ
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft SQL Server 2017 for x64-based Systems (GDR) | ||
| Microsoft SQL Server 2019 for x64-based Systems (GDR) | ||
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR) | ||
| Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack | ||
| Microsoft SQL Server 2017 for x64-based Systems (CU 31) | ||
| Microsoft SQL Server 2019 for x64-based Systems (CU 29) |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
8.8 High
CVSS3
Связанные уязвимости
SQL Server Native Client Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability
Уязвимость компонента Native Client системы управления базами данных Microsoft SQL Server, позволяющая нарушителю выполнить произвольный код
EPSS
8.8 High
CVSS3