CVE-2015-1762

EPSS 2.03%
Published 14.07.2015 23:59:01
Last modified 12.04.2025 10:46:40
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka "SQL Server Remote Code Execution Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Sql Server Version2008 Updater2_sp2

Microsoft ≫ Sql Server Version2008 Updater2_sp3

Microsoft ≫ Sql Server Version2008 Updatesp3

Microsoft ≫ Sql Server Version2008 Updatesp4

Microsoft ≫ Sql Server Version2012 Updatesp1

Microsoft ≫ Sql Server Version2012 Updatesp2

Microsoft ≫ Sql Server Version2014

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.03%	0.831

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	3.9	10	AV:N/AC:H/Au:S/C:C/I:C/A:C

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

http://www.securitytracker.com/id/1032893

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058

https://nvd.nist.gov/vuln/detail/CVE-2015-1762

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-1762

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-1762

EUVD