CVE-2016-7249 — Microsoft SQL Server vulnerability

CWE-2644 documents4 sources

Severity

8.8HIGHNVD

EPSS

16.6%

top 5.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft SQL Server

Timeline

PublishedNov 10

Latest updateMay 14

Description

Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDmicrosoft/sql_server2016

🔴Vulnerability Details

GHSA

GHSA-g7r2-w2q5-xwcc: Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via u↗2022-05-14

▶

CVEList

CVE-2016-7249: Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via u↗2016-11-10

▶

📋Vendor Advisories

Microsoft

SQL RDBMS Engine Elevation of Privilege Vulnerability↗2016-11-08

▶