CVE-2015-1763

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code Execution Vulnerability."

Published: Jul 15, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-1763
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C

CWEs:

CWE-284

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
microsoft / sql_server	2008-r2_sp2	2008-r2_sp2.x
microsoft / sql_server	2008-sp3	2008-sp3.x
microsoft / sql_server	2014	2014.x
microsoft / sql_server	2012-sp2	2012-sp2.x
microsoft / sql_server	2008-sp4	2008-sp4.x
microsoft / sql_server	2012-sp1	2012-sp1.x
microsoft / sql_server	2008-r2_sp3	2008-r2_sp3.x

http://www.securitytracker.com/id/1032893
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058

Vulnerability Database

289,599

CVE-2015-1763