CVE-2015-1763 : Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, an

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code Execution Vulnerability."

Published 2015-07-14 23:59:02

Updated 2025-04-12 10:46:41

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2015-1763

Microsoft » Sql Server » Version: 2008 Update R2 Sp3
cpe:2.3:a:microsoft:sql_server:2008:r2_sp3:*:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2012 Update SP1
cpe:2.3:a:microsoft:sql_server:2012:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2008 Update SP4
cpe:2.3:a:microsoft:sql_server:2008:sp4:*:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2008 Update R2 Sp2
cpe:2.3:a:microsoft:sql_server:2008:r2_sp2:*:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2008 Update SP3
cpe:2.3:a:microsoft:sql_server:2008:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2012 Update SP2
cpe:2.3:a:microsoft:sql_server:2012:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Sql Server » Version: 2014
cpe:2.3:a:microsoft:sql_server:2014:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2015-1763

Top countries where our scanners detected CVE-2015-1763

Top open port discovered on systems with this issue 1433

IPs affected by CVE-2015-1763 130,496

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2015-1763!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2015-1763

EPSS FAQ

10.75%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-1763

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.5	HIGH	AV:N/AC:M/Au:S/C:C/I:C/A:C	6.8	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2015-1763

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-1763

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058

Microsoft Security Bulletin MS15-058 - Important | Microsoft Docs

CVEs referencing this url
http://www.securitytracker.com/id/1032893

Microsoft SQL Server Bugs Let Remote Authenticated Users Gain Privilege Escalation and Execute Arbitrary Code - SecurityTracker

CVEs referencing this url