Tag
#auth
**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
**According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?** An authorized attacker must send the user a malicious file and convince the user to open it.
**How could an attacker exploit this vulnerability?** An unauthenticated attacker can exploit this vulnerability by sending a malicious request packet via a client machine to a Windows Server configured to be a Multipoint Service over a network, and then waiting for the server to stop or restart.
**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** An authenticated attacker could exploit this vulnerability with LAN access.
**How could an attacker exploit this vulnerability?** To exploit this vulnerability, a victim machine must be running a performance counter collection tool such as Performance Monitor to collect performance counter data from an attacker machine. An attacker with local admin authority on the attacker machine could run malicious code remotely in the victim machine's performance counter data collector process.
**According to the CVSS metric, privileges required is low (PR:H). What does that mean for this vulnerability?** An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.
**How would an attacker exploit this vulnerability?** An unauthenticated attacker could connect to the Remote Desktop Licensing Service and send a malicious message which could allow remote code execution.