CVE-2015-1762

high

Description

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka "SQL Server Remote Code Execution Vulnerability."

References

http://www.securitytracker.com/id/1032893

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058

Details

Source: MITRE

Published: 2015-07-14

Updated: 2018-10-12

Type: CWE-74

Risk Information

CVSS v2

Base Score: 7.1

Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 9828 | Microsoft SQL Server 2014 12.0.2254.0 through 12.0.2546.0 Multiple Vulnerabilities (3045324) | Nessus Network Monitor | Database | high |
| 9827 | Microsoft SQL Server 2012 SP2 11.0.5500.0 through 11.0.5592.0 Multiple Vulnerabilities (3045319) | Nessus Network Monitor | Database | high |
| 9819 | Microsoft SQL Server 2012 SP1 11.0.3300.0 through 11.0.3492.0 Multiple Vulnerabilities (3045317) | Nessus Network Monitor | Database | high |
| 9818 | Microsoft SQL Server 2008 R2 SP3 10.50.6500.0 through 10.50.6525.0 Multiple Vulnerabilities (3045314) | Nessus Network Monitor | Database | high |
| 9817 | Microsoft SQL Server 2008 R2 SP2 10.50.4251.0 through 10.50.4331.0 Multiple Vulnerabilities (3045312) | Nessus Network Monitor | Database | high |
| 9816 | Microsoft SQL Server 2008 SP4 10.0.6500.0 through 10.0.6526.0 Multiple Vulnerabilities (3045308) | Nessus Network Monitor | Database | high |
| 9815 | Microsoft SQL Server 2008 SP3 10.0.5500.0 through 10.0.5520.0 Multiple Vulnerabilities (3045305) | Nessus Network Monitor | Database | high |
| 84738 | MS15-058: Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718) | Nessus | Windows : Microsoft Bulletins | medium |
| 84737 | MS15-058: Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718) (uncredentialed check) | Nessus | Windows | high |