Vulnerability Details CVE-2016-7254
Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.166
EPSS Ranking 94.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://www.securityfocus.com/bid/94061
- http://www.securitytracker.com/id/1037250
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136
- http://www.securityfocus.com/bid/94061
- http://www.securitytracker.com/id/1037250
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136
Products affected by CVE-2016-7254
-
cpe:2.3:a:microsoft:sql_server:2012