CVE Number: MS14-044
Vulnerability: Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)
Product: Microsoft SQL
Severity: Important
Date: 13-08-2014

Technical Information

Brief overview of the risk:
An XSS vulnerability exists in SQL Master Data Services (MDS) that could allow an attacker to inject a client-side script into the user’s instance of Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the site on behalf of the targeted user.
Detailed Information on the risk:

This security update resolves two privately reported vulnerabilities in Microsoft SQL Server (one in SQL Server Master Data Services and the other in the SQL Server relational database management system). The more severe of these vulnerabilities, affecting SQL Server Master Data Services, could allow elevation of privilege if a user visits a specially crafted website that injects a client-side script into the user’s instance of Internet Explorer. In all cases, an attacker would have no way to force users to view the attacker-controlled content.

Further information on this exploit is available at: MS14-044

Affected Software

Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3 
Microsoft SQL Server 2008 for x64-based Systems Service Pack 3 
Microsoft SQL Server 2008 for Itanium-based Systems Service Pack 3 
Microsoft SQL Server 2008 R2 for 32-bit Systems Service Pack 2 
Microsoft SQL Server 2008 R2 for x64-based Systems Service Pack 2 
Microsoft SQL Server 2008 R2 for Itanium-based Systems Service Pack 2 
Microsoft SQL Server 2012 for 32-bit Systems Service Pack 1 
Microsoft SQL Server 2012 for x64-based Systems Service Pack 1 
Microsoft SQL Server 2014 for x64-based Systems