Microsoft SQL Server 2012 SP2 11.0.5058.0 through 11.0.5387.0 Multiple Privilege Escalation (3194719)
Medium Nessus Network Monitor Plugin ID 9810
Synopsis: The remote host is running a version of SQL Server that is vulnerable to multiple privilege escalation attack vectors.
Description: The remote host is running a version of Microsoft SQL Server 2012 SP2 11.0.5058.0 through 11.0.5387.0 and is affected by multiple privilege escalation vulnerabilities:
- A flaw exists in the SQL Server Agent that is triggered because ACLs on 'atxcore.dll' are not properly checked. This may allow an authenticated attacker to gain elevated privileges. (CVE-2016-7253)
- A flaw exists in the RDBMS engine that is triggered during the handling of pointer casting. This may allow an authenticated attacker to gain elevated privileges. (CVE-2016-7254)
Solution: Update to SQL Server 2012 SP2 11.0.5388.0 or higher.