1. CVE-Search
  2. CVE-2014-4061
ID CVE-2014-4061
Summary Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service (daemon hang) via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:sql_server:2008:r2_sp2:itanium:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2008:r2_sp2:itanium:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2008:r2_sp2:x64:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2008:r2_sp2:x64:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2008:r2_sp2:x86:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2008:r2_sp2:x86:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2008:sp3:itanium:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2008:sp3:itanium:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2008:sp3:x64:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2008:sp3:x64:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2008:sp3:x86:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2008:sp3:x86:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2012:sp1:x64:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2012:sp1:x64:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2012:sp1:x86:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2012:sp1:x86:*:*:*:*:*
CVSS
Base: 6.8 (as of 12-10-2018 - 22:06)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:C
msbulletin via4
bulletin_id MS14-044
bulletin_url
date 2014-08-12T00:00:00
impact Denial of Service
knowledgebase_id 2984340
knowledgebase_url
severity Important
title Vulnerabilities in SQL Server Could Allow Elevation of Privilege
refmap via4
confirm http://blogs.technet.com/b/srd/archive/2014/08/12/assessing-risk-for-the-august-2014-security-updates.aspx
sectrack 1030716
secunia 60676
Last major update 12-10-2018 - 22:06
Published 12-08-2014 - 21:55
Last modified 12-10-2018 - 22:06
Back to Top