Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka "SQL Server Elevation of Privilege Vulnerability."

The remote host is running a version of Microsoft SQL Server 2014 12.0.2254.0 through 12.0.2546.0 and is affected by multiple vulnerabilities :

 - An unspecified type-casting flaw exists. With a specially crafted query, an authenticated, remote attacker can potentially gain escalated privileges. (CVE-2015-1761)
 - An unspecified flaw exists related to use of uninitialized memory. With a specially crafted query, an authenticated, remote attacker can potentially execute arbitrary code on the system. (CVE-2015-1762, CVE-2015-1763)

The remote host is running a version of Microsoft SQL Server 2012 SP2 11.0.5500.0 through 11.0.5592.0 and is affected by multiple vulnerabilities :

 - An unspecified type-casting flaw exists. With a specially crafted query, an authenticated, remote attacker can potentially gain escalated privileges. (CVE-2015-1761)
 - An unspecified flaw exists related to use of uninitialized memory. With a specially crafted query, an authenticated, remote attacker can potentially execute arbitrary code on the system. (CVE-2015-1762, CVE-2015-1763)

The remote host is running a version of Microsoft SQL Server 2012 SP1 11.0.3300.0 through 11.0.3492.0 and is affected by multiple vulnerabilities :

 - An unspecified type-casting flaw exists. With a specially crafted query, an authenticated, remote attacker can potentially gain escalated privileges. (CVE-2015-1761)
 - An unspecified flaw exists related to use of uninitialized memory. With a specially crafted query, an authenticated, remote attacker can potentially execute arbitrary code on the system. (CVE-2015-1762, CVE-2015-1763)

The remote host is running a version of Microsoft SQL Server 2008 R2 SP3 10.50.6500.0 through 10.50.6525.0 and is affected by multiple vulnerabilities :

 - An unspecified type-casting flaw exists. With a specially crafted query, an authenticated, remote attacker can potentially gain escalated privileges. (CVE-2015-1761)
 - An unspecified flaw exists related to use of uninitialized memory. With a specially crafted query, an authenticated, remote attacker can potentially execute arbitrary code on the system. (CVE-2015-1762, CVE-2015-1763)

The remote host is running a version of Microsoft SQL Server 2008 R2 SP2 10.50.4251.0 through 10.50.4331.0 and is affected by multiple vulnerabilities :

 - An unspecified type-casting flaw exists. With a specially crafted query, an authenticated, remote attacker can potentially gain escalated privileges. (CVE-2015-1761)
 - An unspecified flaw exists related to use of uninitialized memory. With a specially crafted query, an authenticated, remote attacker can potentially execute arbitrary code on the system. (CVE-2015-1762, CVE-2015-1763)

The remote host is running a version of Microsoft SQL Server 2008 SP4 10.0.6500.0 through 10.0.6526.0 and is affected by multiple vulnerabilities :

 - An unspecified type-casting flaw exists. With a specially crafted query, an authenticated, remote attacker can potentially gain escalated privileges. (CVE-2015-1761)
 - An unspecified flaw exists related to use of uninitialized memory. With a specially crafted query, an authenticated, remote attacker can potentially execute arbitrary code on the system. (CVE-2015-1762, CVE-2015-1763)

The remote host is running a version of Microsoft SQL Server 2008 SP3 10.0.5500.0 through 10.0.5520.0 and is affected by multiple vulnerabilities :

 - An unspecified type-casting flaw exists. With a specially crafted query, an authenticated, remote attacker can potentially gain escalated privileges. (CVE-2015-1761)
 - An unspecified flaw exists related to use of uninitialized memory. With a specially crafted query, an authenticated, remote attacker can potentially execute arbitrary code on the system. (CVE-2015-1762, CVE-2015-1763)

The remote Microsoft SQL Server installation is affected by multiple vulnerabilities :

  - A privilege escalation vulnerability exists due to the     casting of pointers to an incorrect class. An     authenticated, remote attacker can exploit this, via a     specially crafted SQL query, to gain elevated     privileges. (CVE-2015-1761)

  - A remote code execution vulnerability exists due to     incorrect handling of internal function calls to     uninitialized memory. An attacker can exploit this, via     a specially crafted SQL query on an affected SQL server     that has special permission settings (such as VIEW     SERVER STATE) turned on, to execute arbitrary code.
    (CVE-2015-1762)

  - A remote code execution vulnerability exists due to     incorrect handling of internal function calls to     uninitialized memory. An authenticated, remote attacker     can exploit this, via a specially crafted SQL query     designed to execute a virtual function from a wrong     address, to execute arbitrary code. (CVE-2015-1763)

The remote Microsoft SQL Server installation is affected by multiple vulnerabilities :

  - A privilege escalation vulnerability exists due to the     casting of pointers to an incorrect class. An     authenticated, remote attacker can exploit this, via a     specially crafted SQL query, to gain elevated     privileges. (CVE-2015-1761)

  - A remote code execution vulnerability exists due to     incorrect handling of internal function calls to     uninitialized memory. An attacker can exploit this, via     a specially crafted SQL query on an affected SQL server     that has special permission settings (such as VIEW     SERVER STATE) turned on, to execute arbitrary code.
    (CVE-2015-1762)

  - A remote code execution vulnerability exists due to     incorrect handling of internal function calls to     uninitialized memory. An authenticated, remote attacker     can exploit this, via a specially crafted SQL query     designed to execute a virtual function from a wrong     address, to execute arbitrary code. (CVE-2015-1762)

ID	Name	Product	Family	Severity
9828	Microsoft SQL Server 2014 12.0.2254.0 through 12.0.2546.0 Multiple Vulnerabilities (3045324)	Nessus Network Monitor	Database	high
9827	Microsoft SQL Server 2012 SP2 11.0.5500.0 through 11.0.5592.0 Multiple Vulnerabilities (3045319)	Nessus Network Monitor	Database	high
9819	Microsoft SQL Server 2012 SP1 11.0.3300.0 through 11.0.3492.0 Multiple Vulnerabilities (3045317)	Nessus Network Monitor	Database	high
9818	Microsoft SQL Server 2008 R2 SP3 10.50.6500.0 through 10.50.6525.0 Multiple Vulnerabilities (3045314)	Nessus Network Monitor	Database	high
9817	Microsoft SQL Server 2008 R2 SP2 10.50.4251.0 through 10.50.4331.0 Multiple Vulnerabilities (3045312)	Nessus Network Monitor	Database	high
9816	Microsoft SQL Server 2008 SP4 10.0.6500.0 through 10.0.6526.0 Multiple Vulnerabilities (3045308)	Nessus Network Monitor	Database	high
9815	Microsoft SQL Server 2008 SP3 10.0.5500.0 through 10.0.5520.0 Multiple Vulnerabilities (3045305)	Nessus Network Monitor	Database	high
84738	MS15-058: Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)	Nessus	Windows : Microsoft Bulletins	medium
84737	MS15-058: Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718) (uncredentialed check)	Nessus	Windows	high

Detections

Analytics

CVE-2015-1761

high

Tenable Plugins

high

high

high

high

high

high

high

medium

high