KLA10615
Multiple vulnerabilities in Microsoft SQL Server

Updated: 03/06/2020
Date of detection
12/08/2014
Threat level
Critical
Description

Multiple serious vulnerabilities have been found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to cause denial of service or inject arbitrary code.

Below is a complete list of the vulnerabilities:

  1. Lack of stack memory restrictions can be exploited remotely via a specially crafted T-SQL statement;
  2. XSS vulnerability can be exploited remotely via a specially crafted URL.
Affected products

Microsoft SQL Server 2008 x86, x64, Itanium Service Pack 3 
Microsoft SQL Server 2008 R2 x86, x64, Itanium Service Pack 2 
Microsoft SQL Server 2012 x86, x64 Service Pack 1 
Microsoft SQL Server 2014 x64

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Primary source of detection
CVE-2014-4061
CVE-2014-1820
Impact
DoS
CI
Related products
Microsoft SQL Server
CVE-IDS