Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
CVE-2023-29349

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Ole Db Driver 18 For Sql Server; Microsoft Ole Db Driver 19 For Sql Server; Microsoft Visual Studio 2019 Version 16.11 (includes 16.0 - 16.10); Microsoft Visual Studio 2022 Version 17.2
Vendor: CVE Published:; 16 June 2023

What is CVE-2023-29349?

A vulnerability exists in Microsoft ODBC and OLE DB that could allow an attacker to execute arbitrary code on the affected system. This flaw can be exploited through specially crafted input, which compromises the integrity and confidentiality of the data. It is crucial for users to apply the security updates provided by Microsoft to mitigate the risks associated with this vulnerability.

Affected Version(s)

Microsoft ODBC Driver 17 for SQL Server on Linux Unknown 17.0.0.0 < 17.10.4.1

Microsoft ODBC Driver 17 for SQL Server on MacOS Unknown 17.0.0.0 < 17.10.4.1

Microsoft ODBC Driver 17 for SQL Server on Windows Unknown 17.0.0.0 < 17.10.4.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2023
Vulnerability Reserved
Apr 4, 2023