CVE-2023-21685 : Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerabilit

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Published 2023-02-14 20:15:12

Updated 2024-05-29 03:15:20

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2023-21685

Microsoft » Windows Server 2008 » Version: N/A Update SP2 For X64
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A Update SP2 For X86
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 Update SP1 For X64
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Matching versions
Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2019 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2022 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 11 21h2 » For X64
Versions before (<) 10.0.22000.1574
cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 11 21h2 » For Arm64
Versions before (<) 10.0.22000.1574
cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*
Matching versions
Microsoft » Windows 11 22h2 » For X64
Versions before (<) 10.0.22621.1265
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 11 22h2 » For Arm64
Versions before (<) 10.0.22621.1265
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*
Matching versions
Microsoft » Windows 10 1607 » For X86
Versions before (<) 10.0.14393.5717
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 1607 » For X64
Versions before (<) 10.0.14393.5717
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 1809 » For X86
Versions before (<) 10.0.17763.4010
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 1809 » For X64
Versions before (<) 10.0.17763.4010
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 1809 » For Arm64
Versions before (<) 10.0.17763.4010
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*
Matching versions
Microsoft » Windows 10 21h2 » For X86
Versions before (<) 10.0.19044.2604
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 21h2 » For X64
Versions before (<) 10.0.19044.2604
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 21h2 » For Arm64
Versions before (<) 10.0.19044.2604
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*
Matching versions
Microsoft » Windows 10 20h2 » For X64
Versions before (<) 10.0.19042.2604
cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 20h2 » For X86
Versions before (<) 10.0.19042.2604
cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 20h2 » For Arm64
Versions before (<) 10.0.19042.2604
cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:arm64:*
Matching versions
Microsoft » Windows 10 22h2 » For X64
Versions before (<) 10.0.19045.2604
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 22h2 » For X86
Versions before (<) 10.0.19045.2604
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 22h2 » For Arm64
Versions before (<) 10.0.19045.2604
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*
Matching versions
Microsoft » Windows 10 1507 » For X64
Versions before (<) 10.0.10240.19747
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 1507 » For X86
Versions before (<) 10.0.10240.19747
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-21685

EPSS FAQ

1.23%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 77 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-21685

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	Microsoft Corporation
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-21685

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: secure@microsoft.com (Secondary)

References for CVE-2023-21685

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21685

CVE-2023-21685 - Security Update Guide - Microsoft - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-21685

Products affected by CVE-2023-21685

Exploit prediction scoring system (EPSS) score for CVE-2023-21685

CVSS scores for CVE-2023-21685

CWE ids for CVE-2023-21685

References for CVE-2023-21685