Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
CVE-2023-23375

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Ole Db Driver 18 For Sql Server; Microsoft Ole Db Driver 19 For Sql Server; Microsoft Odbc Driver 17 For Sql Server; Microsoft Odbc Driver 18 For Sql Server
Vendor: CVE Published:; 11 April 2023

What is CVE-2023-23375?

A vulnerability exists in Microsoft ODBC and OLE DB, allowing attackers to execute arbitrary code on a targeted system. Exploiting this vulnerability may enable an attacker to take control of the affected system, potentially leading to unauthorized access and compromise of sensitive data. Microsoft has provided a detailed advisory on this issue, outlining the impacted products and available mitigations.

Affected Version(s)

Microsoft ODBC Driver 17 for SQL Server Unknown 17.0.0.0 < 17.10.3.1

Microsoft ODBC Driver 18 for SQL Server Unknown 18.0.0.0 < 18.2.1.1

Microsoft OLE DB Driver 18 for SQL Server Unknown 18.0.0 < 18.6.5

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Jan 11, 2023