Headline
CVE-2024-28931: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable).