CVE-2014-4061 : Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly contr

Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service (daemon hang) via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun Vulnerability."

Published 2014-08-12 21:55:08

Updated 2025-04-12 10:46:41

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2014-4061

Microsoft » Sql Server » Version: 2008 Update SP3 X64 Edition
cpe:2.3:a:microsoft:sql_server:2008:sp3:x64:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2008 Update SP3 X86 Edition
cpe:2.3:a:microsoft:sql_server:2008:sp3:x86:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2008 Update SP3 Itanium Edition
cpe:2.3:a:microsoft:sql_server:2008:sp3:itanium:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2008 Update R2 Sp2 X86 Edition
cpe:2.3:a:microsoft:sql_server:2008:r2_sp2:x86:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2008 Update R2 Sp2 Itanium Edition
cpe:2.3:a:microsoft:sql_server:2008:r2_sp2:itanium:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2008 Update R2 Sp2 X64 Edition
cpe:2.3:a:microsoft:sql_server:2008:r2_sp2:x64:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2012 Update SP1 X64 Edition
cpe:2.3:a:microsoft:sql_server:2012:sp1:x64:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2012 Update SP1 X86 Edition
cpe:2.3:a:microsoft:sql_server:2012:sp1:x86:*:*:*:*:*
Matching versions

Threat overview for CVE-2014-4061

Top countries where our scanners detected CVE-2014-4061

Top open port discovered on systems with this issue 1433

IPs affected by CVE-2014-4061 25,737

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2014-4061!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2014-4061

EPSS FAQ

33.91%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 97 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-4061

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:C	8.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2014-4061

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-4061

http://blogs.technet.com/b/srd/archive/2014/08/12/assessing-risk-for-the-august-2014-security-updates.aspx

Assessing risk for the August 2014 security updates – Microsoft Security Response Center
Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/60676

Sign in

CVEs referencing this url
http://www.securitytracker.com/id/1030716

Microsoft SQL Server Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Local Users Deny Service - SecurityTracker

CVEs referencing this url
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-044

Microsoft Security Bulletin MS14-044 - Important | Microsoft Docs

CVEs referencing this url