What is CVE-2015-1762?

CVE-2015-1762 is a vulnerability in Microsoft Sql_server, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). Published 2015-07-14.

Is CVE-2015-1762 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Sql_server

CVE-2015-1762

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authentic…

EPSS: 0.022 (84.9th percentile) — read the EPSS interpretation.

Affected products

Microsoft Sql_server — versions 2008, 2012, 2014
N/a — versions n/a

Weakness classification (CWE)

CWE-74 — Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

1032893 (vdb-entry, x_refsource_SECTRACK)
MS15-058 (x_refsource_MS, vendor-advisory)

Frequently asked questions

What is CVE-2015-1762?: CVE-2015-1762 is a vulnerability in Microsoft Sql_server, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). Published 2015-07-14.
Is CVE-2015-1762 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.