Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
CVE-2023-28304

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Odbc Driver 17 For Sql Server; Microsoft Ole Db Driver 18 For Sql Server; Microsoft Ole Db Driver 19 For Sql Server; Microsoft Odbc Driver 18 For Sql Server
Vendor: CVE Published:; 11 April 2023

Summary

The vulnerability in Microsoft ODBC and OLE DB products allows for potential remote code execution, enabling attackers to execute arbitrary code on affected systems without user interaction. This vulnerability arises from improper processing of requests, compromising the integrity and security of the affected software. Organizations using Microsoft ODBC or OLE DB components are advised to review their systems and apply recommended mitigations.

Affected Version(s)

Microsoft ODBC Driver 17 for SQL Server Unknown 17.0.0.0 < 17.10.3.1

Microsoft ODBC Driver 18 for SQL Server Unknown 18.0.0.0 < 18.2.1.1

Microsoft OLE DB Driver 18 for SQL Server Unknown 18.0.0 < 18.6.5

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Mar 13, 2023