Vulnerability in Microsoft Sql_server

CVE-2014-4061

Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service (daemon hang) via a crafted…

EPSS: 0.384 (97.3th percentile) — read the EPSS interpretation.

Affected products

Microsoft Sql_server — versions 2008, 2012
N/a — versions n/a

Weakness classification (CWE)

CWE-399

References

60676 (x_refsource_SECUNIA, third-party-advisory)
1030716 (vdb-entry, x_refsource_SECTRACK)
secure@microsoft.com (x_refsource_CONFIRM, Vendor Advisory)
MS14-044 (x_refsource_MS, vendor-advisory)