PT-2015-2771 · Microsoft · Sql Server

Published

2015-07-14

Updated

2018-10-12

CVE-2015-1761

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014

Description The issue is related to incorrect casting of pointers, which can be exploited by remote authenticated users to gain elevated privileges. This can be achieved by leveraging certain write access. An attacker who successfully exploits this issue could gain elevated privileges, allowing them to view, change, or delete data, or create new accounts.

Recommendations For Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BDU:2015-12136

CVE-2015-1761

Affected Products

Sql Server

PT-2015-2771 · Microsoft · Sql Server

CVE-2015-1761

Weakness Enumeration

Related Identifiers

Affected Products

References · 8