Multiple vulnerabilities in Microsoft SQL Server

Описание

Multiple serious vulnerabilities have been found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to gain privileges or obtain sensitive information.

Below is a complete list of vulnerabilities

1. An improper pointer casting handling can be exploited by remotely authenticated attackers to gain privileges;
2. An improper request parameters validation at MDS can be exploited remotely via XSS attack to gain privileges;
3. Lack of parameters restrictions at Microsoft SQL Analysis Service can be exploited by remotely authenticated attacker to obtain sensitive information;
4. An improper ACL check at Microsoft SQL Server Agent can be exploited by remotely authenticated attackers to gain privileges.

Первичный источник обнаружения

• MS16-136
  CVE-2016-7254
  CVE-2016-7253
  CVE-2016-7252
  CVE-2016-7251
  CVE-2016-7250
  CVE-2016-7249
  

Связанные продукты

• Microsoft-SQL-Server

Список CVE

• CVE-2016-7254
  high
• CVE-2016-7253
  high
• CVE-2016-7252
  warning
• CVE-2016-7251
  warning
• CVE-2016-7250
  high
• CVE-2016-7249
  high

Список KB

• 3194718
• 3194724
• 3194725
• 3194720
• 3194722
• 3194714
• 3194719
• 3194717
• 3194716
• 3194721

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com