Severity
High
Analysis Summary
CVE-2024-21335, CVE-2024-37331, CVE-2024-37332, CVE-2024-37334
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-37326, CVE-2024-37323, CVE-2024-37320, CVE-2024-21308
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21303, CVE-2024-37322, CVE-2024-37329, CVE-2024-35256
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21332, CVE-2024-37321, CVE-2024-20701, CVE-2024-35272
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21398, CVE-2024-21373, CVE-2024-37318, CVE-2024-37327
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-28928, CVE-2024-21449, CVE-2024-37330, CVE-2024-21414
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-37328, CVE-2024-21331, CVE-2024-21425, CVE-2024-21428
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-21415, CVE-2024-21317, CVE-2024-37324, CVE-2024-35271
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-37333, CVE-2024-38087, CVE-2024-21333, CVE-2024-38088
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-37336 CVSS:8.8
Microsoft SQL Server could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the OLE DB Driver component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Gain Access
- Code Execution
Indicators of Compromise
CVE
- CVE-2024-21335
- CVE-2024-37331
- CVE-2024-37332
- CVE-2024-37334
- CVE-2024-37326
- CVE-2024-37323
- CVE-2024-37320
- CVE-2024-21308
- CVE-2024-21303
- CVE-2024-37322
- CVE-2024-37329
- CVE-2024-35256
- CVE-2024-21332
- CVE-2024-37321
- CVE-2024-20701
- CVE-2024-35271
- CVE-2024-21398
- CVE-2024-21373
- CVE-2024-37318
- CVE-2024-37327
- CVE-2024-28928
- CVE-2024-21449
- CVE-2024-37330
- CVE-2024-21414
- CVE-2024-37328
- CVE-2024-21331
- CVE-2024-21425
- CVE-2024-21428
- CVE-2024-21415
- CVE-2024-21317
- CVE-2024-37324
- CVE-2024-37333
- CVE-2024-38087
- CVE-2024-21333
- CVE-2024-38088
- CVE-2024-37336
Affected Vendors
Affected Products
- Microsoft SQL Server 2022 for x64-based Systems (GDR)
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.