CVE-2016-7254 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2016-7254

CWE

https://cwe.mitre.org/data/definitions/264.html

Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka SQL RDBMS Engine Elevation of Privilege Vulnerability.

Affected Software

Name	Vendor	Start Version	End Version
Sql_server	Microsoft	2012-sp2 (including)	2012-sp2 (including)
Sql_server	Microsoft	2012-sp3 (including)	2012-sp3 (including)

References

http://www.securityfocus.com/bid/94061
http://www.securitytracker.com/id/1037250
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136
http://www.securityfocus.com/bid/94061
http://www.securitytracker.com/id/1037250
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136