Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Microsoft SQL Server 2012 SP1 11.0.3300.0 through 11.0.3492.0 Multiple Vulnerabilities (3045317)

High

Synopsis

The remote host is running a version of SQL Server that is vulnerable to multiple attack vectors.

Description

The remote host is running a version of Microsoft SQL Server 2012 SP1 11.0.3300.0 through 11.0.3492.0 and is affected by multiple vulnerabilities :

- An unspecified type-casting flaw exists. With a specially crafted query, an authenticated, remote attacker can potentially gain escalated privileges. (CVE-2015-1761) - An unspecified flaw exists related to use of uninitialized memory. With a specially crafted query, an authenticated, remote attacker can potentially execute arbitrary code on the system. (CVE-2015-1762, CVE-2015-1763)

Solution

Update to SQL Server 2012 SP1 11.0.3493.0 or higher.