CVE-2024-21352 | THREATINT

Description

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Reserved 2023-12-08 | Published 2024-02-13 | Updated 2024-10-09 | Assigner microsoft

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-197: Numeric Truncation Error

Product status

10.0.0 before 10.0.17763.5458

affected

10.0.0 before 10.0.17763.5458

affected

10.0.0 before 10.0.17763.5458

affected

10.0.0 before 10.0.20348.2322

affected

10.0.0 before 10.0.22000.2777

affected

10.0.0 before 10.0.19044.4046

affected

10.0.0 before 10.0.22621.3155

affected

10.0.0 before 10.0.19045.4046

affected

10.0.0 before 10.0.22631.3155

affected

10.0.0 before 10.0.22631.3155

affected

10.0.0 before 10.0.25398.709

affected

10.0.0 before 10.0.10240.20469

affected

10.0.0 before 10.0.14393.6709

affected

10.0.0 before 10.0.14393.6709

affected

10.0.0 before 10.0.14393.6709

affected

6.0.0 before 6.0.6003.22511

affected

6.0.0 before 6.0.6003.22511

affected

6.0.0 before 6.0.6003.22511

affected

6.1.0 before 6.1.7601.26961

affected

6.0.0 before 6.1.7601.26961

affected

6.2.0 before 6.2.9200.24710

affected

6.2.0 before 6.2.9200.24710

affected

6.3.0 before 6.3.9600.21813

affected

6.3.0 before 6.3.9600.21813

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21352 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability) vendor-advisory

cve.org (CVE-2024-21352)

nvd.nist.gov (CVE-2024-21352)

Download JSON