Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2015-1762 | First vendor Publication | 2015-07-14 |
Vendor | Cve | Last vendor Modification | 2018-10-12 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Exploit Score | 3.9 | Authentication | Requires single instance |
Detail
Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka "SQL Server Remote Code Execution Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1762 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:29485 | |||
Oval ID: | oval:org.mitre.oval:def:29485 | ||
Title: | SQL Server remote code execution vulnerability - CVE-2015-1762 (MS15-058) | ||
Description: | Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka "SQL Server Remote Code Execution Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2015-1762 | Version: | 3 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft SQL Server 2008 Microsoft SQL Server 2008 R2 Microsoft SQL Server 2012 Microsoft SQL Server 2014 |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-07-16 | IAVM : 2015-A-0171 - Multiple Vulnerabilities in Microsoft SQL Server (MS15-058) Severity : Category II - VMSKEY : V0061125 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-08-14 | Microsoft SQL Server transcational replication and showxmlplan enabled remote... RuleID : 35198 - Revision : 5 - Type : SERVER-MSSQL |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-07-14 | Name : The remote SQL Server installation is affected by multiple vulnerabilities. File : smb_kb3065718.nasl - Type : ACT_GATHER_INFO |
2015-07-14 | Name : The remote SQL Server installation is affected by multiple vulnerabilities. File : smb_nt_ms15-058.nasl - Type : ACT_GATHER_INFO |
2003-01-26 | Name : The remote host has a database server installed. File : mssql_version.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Source | Url |
---|---|
MS | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15... |
SECTRACK | http://www.securitytracker.com/id/1032893 |
Alert History
Date | Information |
---|---|
2022-10-11 01:08:49 | |
2021-05-04 12:38:40 | |
2021-04-22 01:47:23 | |
2020-05-23 00:44:32 | |
2018-10-13 05:18:54 | |
2017-09-22 09:24:11 | |
2016-04-27 02:09:11 | |
2015-10-18 17:23:42 | |
2015-08-14 21:23:43 | |
2015-07-22 05:30:17 | |
2015-07-18 13:28:34 | |
2015-07-16 09:29:47 | |
2015-07-15 21:23:22 | |
2015-07-15 05:27:24 | |