Gravité: : Élevé
  Identifiant(s) CVE: : CVE-2015-1761
  Date du conseil: 14 août 2015

  Description

This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database.

  Solutions

  Affected software and version:

  • Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3
  • Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4
  • Microsoft SQL Server 2008 for x64-based Systems Service Pack 4
  • Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 2
  • Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 2
  • Microsoft SQL Server 2008 R2 for Itanium-based Systems Service Pack 2
  • Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 3
  • Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 3
  • Microsoft SQL Server 2012 for 32-bit Systems Service Pack 1
  • Microsoft SQL Server 2014 for x64-based Systems
  • Microsoft SQL Server 2008 for x64-based Systems Service Pack 3
  • Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 3
  • Microsoft SQL Server 2012 for x64-based Systems Service Pack 1
  • Microsoft SQL Server 2012 for 32-bit Systems Service Pack 2
  • Microsoft SQL Server 2012 for x64-based Systems Service Pack 2
  • Microsoft SQL Server 2014 for 32-bit Systems