(MS15-058) Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)
Gravité: : Élevé
Identifiant(s) CVE: : CVE-2015-1761
Date du conseil: 14 août 2015
Description
This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database.
Solutions
Affected software and version:
- Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3
- Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4
- Microsoft SQL Server 2008 for x64-based Systems Service Pack 4
- Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 2
- Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 2
- Microsoft SQL Server 2008 R2 for Itanium-based Systems Service Pack 2
- Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 3
- Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 3
- Microsoft SQL Server 2012 for 32-bit Systems Service Pack 1
- Microsoft SQL Server 2014 for x64-based Systems
- Microsoft SQL Server 2008 for x64-based Systems Service Pack 3
- Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 3
- Microsoft SQL Server 2012 for x64-based Systems Service Pack 1
- Microsoft SQL Server 2012 for 32-bit Systems Service Pack 2
- Microsoft SQL Server 2012 for x64-based Systems Service Pack 2
- Microsoft SQL Server 2014 for 32-bit Systems