cbcvebase.
CVE-2016-7253
published 2016-11-10

CVE-2016-7253: The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote…

high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Server Agent Elevation of Privilege Vulnerability."

Affected

10 ranges
VendorProductVersion rangeFixed in
microsoftsql_server
microsoftsql_server
msrcmicrosoft_sql_server_2012_for_32-bit_systems_service_pack_2
msrcmicrosoft_sql_server_2012_for_32-bit_systems_service_pack_3
msrcmicrosoft_sql_server_2012_for_x64-based_systems_service_pack_2
msrcmicrosoft_sql_server_2012_for_x64-based_systems_service_pack_3
msrcmicrosoft_sql_server_2014_service_pack_1_for_32-bit_systems
msrcmicrosoft_sql_server_2014_service_pack_1_for_x64-based_systems
msrcmicrosoft_sql_server_2014_service_pack_2_for_32-bit_systems
msrcmicrosoft_sql_server_2014_service_pack_2_for_x64-based_systems