KLA10615
Multiple vulnerabilities in Microsoft SQL Server
Updated: 06/01/2019
Detect date
08/12/2014
Severity
Critical
Description

Multiple serious vulnerabilities have been found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to cause denial of service or inject arbitrary code.

Below is a complete list of vulnerabilities:

  1. Lack of stack memory restrictions can be exploited remotely via a specially crafted T-SQL statement;
  2. An XSS vulnerability can be exploited remotely via a specially crafted URL.

Affected products

Microsoft SQL Server 2008 x86, x64, Itanium Service Pack 3 
Microsoft SQL Server 2008 R2 x86, x64, Itanium Service Pack 2 
Microsoft SQL Server 2012 x86, x64 Service Pack 1 
Microsoft SQL Server 2014 x64

Solution

Install the necessary updates from the KB section that are listed in Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2014-4061
CVE-2014-1820

Impacts
DoS 

CI 
Related products
Microsoft SQL Server
Microsoft official advisories
Microsoft Security Update Guide
KB list

2977319
2977316
2977315
2977326
2984340
2977325
2977322
2977320
2977321