Multiple vulnerabilities in Microsoft OLE DB Driver for SQL Server
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 25 |
| CVE-ID | CVE-2024-28940 CVE-2024-29047 CVE-2024-29983 CVE-2024-29985 CVE-2024-28945 CVE-2024-28942 CVE-2024-29048 CVE-2024-29046 CVE-2024-28910 CVE-2024-28927 CVE-2024-29045 CVE-2024-28911 CVE-2024-29984 CVE-2024-28906 CVE-2024-28926 CVE-2024-28908 CVE-2024-28939 CVE-2024-28914 CVE-2024-29982 CVE-2024-28944 CVE-2024-28909 CVE-2024-28912 CVE-2024-28915 CVE-2024-28913 CVE-2024-29044 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Microsoft SQL Server Server applications / Database software OLE DB Driver Universal components / Libraries / Software for developers |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 25 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU88249
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-28940
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU20 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU20:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28940
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU88277
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-29047
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 CU12
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-29047
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU88276
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-29983
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-29983
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU88275
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-29985
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-29985
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU88274
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-28945
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28945
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU88273
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-28942
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28942
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU88272
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-29048
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-29048
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Input validation error
EUVDB-ID: #VU88271
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-29046
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim to connect to a malicious SQL database and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-29046
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU88270
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-28910
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim to connect to a malicious SQL database and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28910
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU88269
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-28927
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim to connect to a malicious SQL database and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28927
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Input validation error
EUVDB-ID: #VU88268
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-29045
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-29045
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU88267
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-28911
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim to connect to a malicious SQL database and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28911
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Input validation error
EUVDB-ID: #VU88266
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-29984
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim to connect to a malicious SQL database and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-29984
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU88265
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-28906
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim to connect to a malicious SQL database and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28906
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Input validation error
EUVDB-ID: #VU88264
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-28926
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28926
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Input validation error
EUVDB-ID: #VU88263
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-28908
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim to connect to a malicious SQL database and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28908
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU88262
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-28939
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28939
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Input validation error
EUVDB-ID: #VU88261
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-28914
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim to connect to a malicious SQL database and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28914
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Input validation error
EUVDB-ID: #VU88260
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-29982
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-29982
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU88255
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-28944
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28944
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Input validation error
EUVDB-ID: #VU88254
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-28909
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim to connect to a malicious SQL database and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28909
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Input validation error
EUVDB-ID: #VU88253
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-28912
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim to connect to a malicious SQL database and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28912
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Input validation error
EUVDB-ID: #VU88252
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-28915
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim to connect to a malicious SQL database and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28915
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Input validation error
EUVDB-ID: #VU88251
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-28913
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim to connect to a malicious SQL database and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU25 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU25:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28913
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Input validation error
EUVDB-ID: #VU88250
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-29044
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMicrosoft SQL Server: 2019 CU20 - 2022 GDR
OLE DB Driver: 18.0.0 - 19.0.0
CPE2.3- cpe:2.3:a:microsoft:microsoft_sql_server:2019:CU20:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2019:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:CU12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sql_server:2022:GDR:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:18.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ole_db_driver:19.0.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-29044
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
