CVE-2015-1763 (GCVE-0-2015-1763)
Vulnerability from cvelistv5 – Published: 2015-07-14 23:00 – Updated: 2024-08-06 04:54
VLAI?
Summary
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code Execution Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:15.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032893",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032893"
},
{
"name": "MS15-058",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka \"SQL Server Remote Code Execution Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1032893",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032893"
},
{
"name": "MS15-058",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-1763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka \"SQL Server Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032893",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032893"
},
{
"name": "MS15-058",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2015-1763",
"datePublished": "2015-07-14T23:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:15.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:r2_sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDC7BAB6-6166-41A2-9D86-CE31645261AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:r2_sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"591E0A15-4D5F-443A-8197-8D67D57A71C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFC56295-63BF-4EA7-99B5-0B8D019C1432\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2008:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"744B637F-AB15-417B-B8AC-10F463CAEF47\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2012:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC9CFCE8-E597-4F1F-AB5A-98E8810238CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2012:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9875CF37-3CFC-4F21-A7A0-EF7B3E99A2EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sql_server:2014:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4A6BA8E-0874-4174-8F3F-7419B448AFCB\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka \\\"SQL Server Remote Code Execution Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Microsoft SQL Server 2008 SP3 y SP4, 2008 R2 SP2 y SP3, 2012 SP1 y SP2, y 2014 no previene el uso de memoria no inicializada en ciertos intentos de ejecuci\\u00f3n de funciones virtuales, lo que permite a usuarios autenticados remotamente ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de una consulta manipulada, tambi\\u00e9n conocida como \\u201cVulnerabilidad de Ejecuci\\u00f3n Remota de c\\u00f3digo en SQL Server.\\u201d\"}]",
"id": "CVE-2015-1763",
"lastModified": "2024-11-21T02:26:04.797",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:C/I:C/A:C\", \"baseScore\": 8.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 6.8, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2015-07-14T23:59:01.943",
"references": "[{\"url\": \"http://www.securitytracker.com/id/1032893\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id/1032893\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-1763\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2015-07-14T23:59:01.943\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka \\\"SQL Server Remote Code Execution Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Microsoft SQL Server 2008 SP3 y SP4, 2008 R2 SP2 y SP3, 2012 SP1 y SP2, y 2014 no previene el uso de memoria no inicializada en ciertos intentos de ejecuci\u00f3n de funciones virtuales, lo que permite a usuarios autenticados remotamente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una consulta manipulada, tambi\u00e9n conocida como \u201cVulnerabilidad de Ejecuci\u00f3n Remota de c\u00f3digo en SQL Server.\u201d\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:C/I:C/A:C\",\"baseScore\":8.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.8,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:r2_sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDC7BAB6-6166-41A2-9D86-CE31645261AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:r2_sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"591E0A15-4D5F-443A-8197-8D67D57A71C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFC56295-63BF-4EA7-99B5-0B8D019C1432\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2008:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"744B637F-AB15-417B-B8AC-10F463CAEF47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2012:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC9CFCE8-E597-4F1F-AB5A-98E8810238CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2012:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9875CF37-3CFC-4F21-A7A0-EF7B3E99A2EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sql_server:2014:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4A6BA8E-0874-4174-8F3F-7419B448AFCB\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1032893\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id/1032893\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…