Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
CVE-2023-23375
7.8HIGH
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 11 April 2023
What is CVE-2023-23375?
A vulnerability exists in Microsoft ODBC and OLE DB, allowing attackers to execute arbitrary code on a targeted system. Exploiting this vulnerability may enable an attacker to take control of the affected system, potentially leading to unauthorized access and compromise of sensitive data. Microsoft has provided a detailed advisory on this issue, outlining the impacted products and available mitigations.
Affected Version(s)
Microsoft ODBC Driver 17 for SQL Server Unknown 17.0.0.0 < 17.10.3.1
Microsoft ODBC Driver 18 for SQL Server Unknown 18.0.0.0 < 18.2.1.1
Microsoft OLE DB Driver 18 for SQL Server Unknown 18.0.0 < 18.6.5