CVE-2015-1761

medium Microsoft
CVSS v3 Base Score
6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS Score
6.6%
Exploitation probability in 30 days
Top 9% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P
Published: July 14, 2015 (3957 days ago)
Last Modified: May 6, 2026
Vendor: Microsoft
Source: NVD

Description

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka "SQL Server Elevation of Privilege Vulnerability."

CWE

CWE-284

Affected Products

microsoft sql server

References

🔗 www.securitytracker.com 🔗 docs.microsoft.com 🔗 h20566.www2.hpe.com 🔗 www.securitytracker.com 🔗 docs.microsoft.com