Trusted Design

• 重大度: Unknown
• 公開日: 2015-07-14
• 更新日: 2024-08-06

概要

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka "SQL Server Elevation of Privilege Vulnerability."

このCVEに関連するMITRE ATT&CKテクニック

• T1583.007 - Serverless
• T1003.002 - Security Account Manager
• T1583.002 - DNS Server
• T1114.001 - Local Email Collection
• T1070.002 - Clear Linux or Mac System Logs
• T1598.003 - Spearphishing Link
• T1583.005 - Botnet
• T1608.001 - Upload Malware
• T1558 - Steal or Forge Kerberos Tickets
• T1518.002 - Backup Software Discovery
• T1029 - Scheduled Transfer
• T1525 - Implant Internal Image
• T1562.004 - Disable or Modify System Firewall
• T1145 - Private Keys
• T1555.003 - Credentials from Web Browsers
• T1535 - Unused/Unsupported Cloud Regions
• T1155 - AppleScript
• T1563 - Remote Service Session Hijacking
• T1547.003 - Time Providers
• T1546.008 - Accessibility Features
• T1027.017 - SVG Smuggling
• T1583.003 - Virtual Private Server
• T1083 - File and Directory Discovery
• T1649 - Steal or Forge Authentication Certificates
• T1051 - Shared Webroot
• T1584.005 - Botnet
• T1102 - Web Service
• T1218.005 - Mshta
• T1608.005 - Link Target
• T1583.006 - Web Services
• T1598.002 - Spearphishing Attachment
• T1496.004 - Cloud Service Hijacking
• T1071.002 - File Transfer Protocols
• T1679 - Selective Exclusion
• T1219.003 - Remote Access Hardware
• T1078 - Valid Accounts
• T1055.012 - Process Hollowing
• T1068 - Exploitation for Privilege Escalation
• T1110.004 - Credential Stuffing
• T1187 - Forced Authentication
• T1587.004 - Exploits
• T1595.003 - Wordlist Scanning
• T1184 - SSH Hijacking
• T1553.004 - Install Root Certificate
• T1499 - Endpoint Denial of Service
• T1500 - Compile After Delivery
• T1213.003 - Code Repositories
• T1538 - Cloud Service Dashboard
• T1055.008 - Ptrace System Calls
• T1653 - Power Settings
• T1204.001 - Malicious Link
• T1086 - PowerShell

このCVEが関連しているPulses

このCVEが関連しているPulsesはありません。

CVEの関係性グラフ

---

← CVE一覧に戻る