CVE-2016-7254
Description
Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka SQL RDBMS Engine Elevation of Privilege Vulnerability.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
16.567
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 SP2 GDR (KB3194719) x86 based systems | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 SP2 GDR (KB3194719) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 SP2 GDR (KB3194719) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 SP2 GDR (KB3194719) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 SP2 CU (KB3194725) x86 based systems | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 SP2 CU (KB3194725) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 SP2 CU (KB3194725) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 SP2 CU (KB3194725) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 Service Pack 3 GDR (KB3194721) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 Service Pack 3 GDR (KB3194721) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 Service Pack 3 GDR (KB3194721) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 Service Pack 3 GDR (KB3194721) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 Service Pack 3 CU (KB3194724) x86 based systems | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 Service Pack 3 CU (KB3194724) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 Service Pack 3 CU (KB3194724) | Windows |
| Microsoft SQL Server Agent Elevation of Privilege Vulnerability for SQL Server 2012 Service Pack 3 CU (KB3194724) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-21779 | Security Update for SQL Server 2012 SP2 GDR (KB3194719) 32 bit |
| PATCH-21780 | Security Update for SQL Server 2012 SP2 GDR (KB3194719) |
| PATCH-21781 | Security Update for SQL Server 2012 SP2 GDR (KB3194719) 64 bit |
| PATCH-21782 | Security Update for SQL Server 2012 SP2 GDR (KB3194719) 64 bit |
| PATCH-21783 | Security Update for SQL Server 2012 SP2 CU (KB3194725) 32 bit |
| PATCH-21784 | Security Update for SQL Server 2012 SP2 CU (KB3194725) |
| PATCH-21785 | Security Update for SQL Server 2012 SP2 CU (KB3194725) 64 bit |
| PATCH-21786 | Security Update for SQL Server 2012 SP2 CU (KB3194725) 64 bit |
| PATCH-21789 | Security Update for SQL Server 2012 Service Pack 3 GDR (KB3194721) 64 bit |
| PATCH-21790 | Security Update for SQL Server 2012 Service Pack 3 GDR (KB3194721) 64 bit |
| PATCH-21791 | Security Update for SQL Server 2012 Service Pack 3 CU (KB3194724) 32 bit |
| PATCH-21792 | Security Update for SQL Server 2012 Service Pack 3 CU (KB3194724) |
| PATCH-21793 | Security Update for SQL Server 2012 Service Pack 3 CU (KB3194724) 64 bit |
| PATCH-21794 | Security Update for SQL Server 2012 Service Pack 3 CU (KB3194724) 64 bit |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234