Trend Micro Security

MS15-058:SQL Server の脆弱性により、リモートでコードが実行される (3065718)

2015年8月14日
  危険度: :
  CVE識別番号: CVE-2015-1761

  概要

This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow remote code execution if an authenticated attacker runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. To exploit this vulnerability an attacker would need permissions to create or modify a database.

  トレンドマイクロの対策

詳しい情報については以下のサイトをご参照ください。

  対応方法

  影響を受けるソフトウェア

  • Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3
  • Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4
  • Microsoft SQL Server 2008 for x64-based Systems Service Pack 4
  • Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 2
  • Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 2
  • Microsoft SQL Server 2008 R2 for Itanium-based Systems Service Pack 2
  • Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 3
  • Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 3
  • Microsoft SQL Server 2012 for 32-bit Systems Service Pack 1
  • Microsoft SQL Server 2014 for x64-based Systems
  • Microsoft SQL Server 2008 for x64-based Systems Service Pack 3
  • Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 3
  • Microsoft SQL Server 2012 for x64-based Systems Service Pack 1
  • Microsoft SQL Server 2012 for 32-bit Systems Service Pack 2
  • Microsoft SQL Server 2012 for x64-based Systems Service Pack 2
  • Microsoft SQL Server 2014 for 32-bit Systems