CVE-2016-7254

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server versions 2012 SP2 through 2012 SP3

Description The issue arises from improper handling of pointer casting, allowing remote authenticated users to gain elevated privileges. An attacker with access to an affected SQL server database could exploit this to view, change, or delete data, or create new accounts.

Recommendations For Microsoft SQL Server 2012 SP2, update to a version that properly handles pointer casting to prevent elevation of privilege. For Microsoft SQL Server 2012 SP3, update to a version that properly handles pointer casting to prevent elevation of privilege.