PT-2024-10314 · Microsoft · Sql Server

Published

2024-11-12

Updated

2024-11-15

CVE-2024-49043

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server (affected versions not specified)

Description The issue is related to the use of an untrusted path in the Microsoft.SqlServer.XEvent.Configuration.dll file of Microsoft SQL Server. Exploitation of this issue may allow an attacker to execute arbitrary code using a specially crafted DLL.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

BDU:2025-00761

CVE-2024-49043

Affected Products

Sql Server

PT-2024-10314 · Microsoft · Sql Server

CVE-2024-49043

Weakness Enumeration

Related Identifiers

Affected Products

References · 8