Freely subscribe to our NEWSLETTER

Security Vulnerability

Vigil@nce - Microsoft SQL Server: six vulnerabilities

January 2017 by Vigil@nce

This bulletin was written by Vigil@nce : https://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can use several vulnerabilities of Microsoft SQL
Server.

Impacted products: SQL Server.

Severity: 2/4.

Creation date: 09/11/2016.

DESCRIPTION OF THE VULNERABILITY

Several vulnerabilities were announced in Microsoft SQL Server.

An attacker can bypass security features via SQL RDBMS Engine, in
order to escalate his privileges. [severity:2/4; CVE-2016-7249]

An attacker can bypass security features via SQL RDBMS Engine, in
order to escalate his privileges. [severity:2/4; CVE-2016-7250]

An attacker can bypass security features via SQL RDBMS Engine, in
order to escalate his privileges. [severity:2/4; CVE-2016-7254]

An attacker can trigger a Cross Site Scripting via MDS API, in
order to run JavaScript code in the context of the web site.
[severity:2/4; CVE-2016-7251]

An attacker can bypass security features via SQL Analysis
Services, in order to obtain sensitive information. [severity:2/4;
CVE-2016-7252]

An attacker can bypass security features via SQL Server Agent, in
order to escalate his privileges. [severity:2/4; CVE-2016-7253]

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/Microsoft-SQL-Server-six-vulnerabilities-21076

Subscribe

Freely subscribe to our NEWSLETTER

See previous articles

See next articles

Security Vulnerability

Toutes nos news en Francais

Alle unsere News auf deutsch

Your podcast Here

All new podcasts

Global Security Mag Copyright 2011