CVE-2015-1761

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka "SQL Server Elevation of Privilege Vulnerability."

Published: Jul 15, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-1761
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-284

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
microsoft / sql_server	2008-r2_sp2	2008-r2_sp2.x
microsoft / sql_server	2008-sp3	2008-sp3.x
microsoft / sql_server	2014	2014.x
microsoft / sql_server	2012-sp2	2012-sp2.x
microsoft / sql_server	2008-sp4	2008-sp4.x
microsoft / sql_server	2012-sp1	2012-sp1.x
microsoft / sql_server	2008-r2_sp3	2008-r2_sp3.x

http://www.securitytracker.com/id/1032893
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05382740

Vulnerability Database

289,599

CVE-2015-1761