VULHUB ™

Microsoft SQL Server and the Microsoft Data Engine have been reported to be prone to three vulnerabilities. The first issue could allow an attacker to hijack a named pipe. This could allow the attacker to gain control of a named pipe to which a legitimate user has authenticated. This could allow a local attacker to gain the privilege level of the authenticated user. The second issue could allow any local or remote user, who can authenticate (Everyone Group), to the SQL Server to cause a denial of service. If the attacker sends an unusually large request to a named pipe, the SQL Server will become unresponsive. The server may have to be rebooted to restore normal operations. The third issue is a buffer overflow vulnerability. This issue could allow an attacker that is authenticated to the SQL Server to elevate their privilege level. This BID will be separated into multiple records after complete analysis of each issue. At that time this record will be retired.

Microsoft SQL Server and the Microsoft Data Engine have been reported to be prone to three vulnerabilities. The first issue could allow an attacker to hijack a named pipe. This could allow the attacker to gain control of a named pipe to which a legitimate user has authenticated. This could allow a local attacker to gain the privilege level of the authenticated user. The second issue could allow any local or remote user, who can authenticate (Everyone Group), to the SQL Server to cause a denial of service. If the attacker sends an unusually large request to a named pipe, the SQL Server will become unresponsive. The server may have to be rebooted to restore normal operations. The third issue is a buffer overflow vulnerability. This issue could allow an attacker that is authenticated to the SQL Server to elevate their privilege level. This BID will be separated into multiple records after complete analysis of each issue. At that time this record will be retired.