CVE-2024-26166 | THREATINT

Assigner	microsoft
Reserved	2024-02-14
Published	2024-03-12
Updated	2024-06-11

Description

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

HIGH: 8.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-122: Heap-based Buffer Overflow

Product status

10.0.0 before 10.0.17763.5576

affected

10.0.0 before 10.0.17763.5576

affected

10.0.0 before 10.0.17763.5576

affected

10.0.0 before 10.0.20348.2340

affected

10.0.0 before 10.0.20348.2333

affected

10.0.0 before 10.0.22000.2836

affected

10.0.0 before 10.0.19044.4170

affected

10.0.0 before 10.0.22621.3296

affected

10.0.0 before 10.0.19045.4170

affected

10.0.0 before 10.0.22631.3296

affected

10.0.0 before 10.0.22631.3296

affected

10.0.0 before 10.0.25398.763

affected

10.0.0 before 10.0.10240.20526

affected

10.0.0 before 10.0.14393.6796

affected

10.0.0 before 10.0.14393.6796

affected

10.0.0 before 10.0.14393.6796

affected

6.0.0 before 6.0.6003.22567

affected

6.0.0 before 6.0.6003.22567

affected

6.0.0 before 6.0.6003.22567

affected

6.1.0 before 6.1.7601.27017

affected

6.0.0 before 6.1.7601.27017

affected

6.2.0 before 6.2.9200.24768

affected

6.2.0 before 6.2.9200.24768

affected

6.3.0 before 6.3.9600.21871

affected

6.3.0 before 6.3.9600.21871

affected

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26166 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability) vendor-advisory

cve.org CVE-2024-26166

nvd.nist.gov CVE-2024-26166

Download JSON