Input validation error in Microsoft products - CVE-2023-29349
Published: June 15, 2023
Vulnerability identifier: #VU77449
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-29349
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft ODBC Driver for SQL Server on Windows
Microsoft ODBC Driver for SQL Server on macOS
Microsoft ODBC Driver for SQL Server on Linux
OLE DB Driver
Microsoft SQL Server
Microsoft ODBC Driver for SQL Server on Windows
Microsoft ODBC Driver for SQL Server on macOS
Microsoft ODBC Driver for SQL Server on Linux
OLE DB Driver
Microsoft SQL Server
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a execute arbitrary code on the system.
How to mitigate CVE-2023-29349
Install updates from vendor's website.