SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21335
8.8HIGH
Key Information:
What is CVE-2024-21335?
The SQL Server Native Client OLE DB Provider vulnerability allows attackers to execute remote code on the server where the client is installed. This exploitation method uses specially crafted requests, which can lead to unauthorized actions and access to sensitive data. Organizations relying on this technology must promptly apply the latest security updates to mitigate potential risks associated with this vulnerability.
Affected Version(s)
Microsoft SQL Server 2016 Service Pack 3 (GDR) x64-based Systems 13.0.0 < 13.0.6441.1
Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack x64-based Systems 13.0.0 < 13.0.7037.1
Microsoft SQL Server 2017 (CU 31) x64-based Systems 14.0.0 < 14.0.3471.2