Microsoft SQL Server Remote Code Execution Vulnerabilities

Last Update Date: 31 Jul 2015 Release Date: 15 Jul 2015 6889 Views

RISK: High Risk

TYPE: Servers - Database Servers

SQL Server Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft SQL Server when it improperly casts pointers to an incorrect class. An attacker could exploit the vulnerability if their credentials allow access to an affected SQL server database. An attacker who successfully exploited this vulnerability could gain elevated privileges that could be used to view, change, or delete data; or create new accounts.
SQL Server Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles internal function calls to uninitialized memory. An attacker could exploit the vulnerability if a privileged user runs a specially crafted query on an affected SQL server that has special permission settings (such as VIEW SERVER STATE) turned on. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
SQL Server Remote Code Execution Vulnerability
An authenticated remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles internal function calls to uninitialized memory. An attacker could exploit the vulnerability if a privileged user runs a specially crafted query that is designed to execute a virtual function from a wrong address, leading to a function call to uninitialized memory. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.