Headline
CVE-2024-21398: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.