(MS15-058) Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)
Schweregrad:: Hoch
CVE Kennungen:: CVE-2015-1761
Hinweisdatum: 14 August 2015
Beschreibung
This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database.
Lösungen
Betroffene Software und Version:
- Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3
- Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4
- Microsoft SQL Server 2008 for x64-based Systems Service Pack 4
- Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 2
- Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 2
- Microsoft SQL Server 2008 R2 for Itanium-based Systems Service Pack 2
- Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 3
- Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 3
- Microsoft SQL Server 2012 for 32-bit Systems Service Pack 1
- Microsoft SQL Server 2014 for x64-based Systems
- Microsoft SQL Server 2008 for x64-based Systems Service Pack 3
- Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 3
- Microsoft SQL Server 2012 for x64-based Systems Service Pack 1
- Microsoft SQL Server 2012 for 32-bit Systems Service Pack 2
- Microsoft SQL Server 2012 for x64-based Systems Service Pack 2
- Microsoft SQL Server 2014 for 32-bit Systems