Main Vulnerability Database Vulnerabilities #VU77447

Input validation error in Microsoft products - CVE-2023-29356

Published: June 15, 2023

Vulnerability identifier: #VU77447

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2023-29356

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Microsoft ODBC Driver for SQL Server on Windows
Microsoft ODBC Driver for SQL Server on Linux
Microsoft ODBC Driver for SQL Server on macOS
Microsoft SQL Server

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code on the system.

How to mitigate CVE-2023-29356

Install updates from vendor's website.

Sources

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-29356

Input validation error in Microsoft products - CVE-2023-29356

Detailed vulnerability description

How to mitigate CVE-2023-29356

Sources

Please verify you're human