Main Vulnerability Database Vulnerabilities #VU77446

Input validation error in Microsoft products - CVE-2023-32027

Published: June 15, 2023

Vulnerability identifier: #VU77446

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2023-32027

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Microsoft ODBC Driver for SQL Server on Windows
Microsoft ODBC Driver for SQL Server on Linux
Microsoft ODBC Driver for SQL Server on macOS
Microsoft SQL Server

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code on the system.

How to mitigate CVE-2023-32027

Install updates from vendor's website.

Sources

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32027

Input validation error in Microsoft products - CVE-2023-32027

Detailed vulnerability description

How to mitigate CVE-2023-32027

Sources

Please verify you're human