Main Vulnerability Database Vulnerabilities #VU77445

Input validation error in Microsoft products - CVE-2023-32026

Published: June 15, 2023

Vulnerability identifier: #VU77445

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2023-32026

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Microsoft ODBC Driver for SQL Server on Windows
Microsoft ODBC Driver for SQL Server on Linux
Microsoft ODBC Driver for SQL Server on macOS
Microsoft SQL Server

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code on the system.

How to mitigate CVE-2023-32026

Install updates from vendor's website.

Sources

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32026

Input validation error in Microsoft products - CVE-2023-32026

Detailed vulnerability description

How to mitigate CVE-2023-32026

Sources

Please verify you're human