CVE-2016-7250

Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
microsoftsql_server
𝑥
microsoftsql_server
𝑥
microsoftsql_server
𝑥
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/94060
http://www.securitytracker.com/id/1037250
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136
http://www.securityfocus.com/bid/94060
http://www.securitytracker.com/id/1037250
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136