Tag
#auth
**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
**According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?** An unauthorized attacker must wait for a user to initiate a connection.
**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** An authenticated attacker could exploit this vulnerability with LAN access.
**How could an attacker exploit this vulnerability?** An unauthenticated attacker can exploit this vulnerability by sending a malicious request packet via a client machine to a Windows Server configured to be a Multipoint Service over a network, and then waiting for the server to stop or restart.
**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** An authenticated attacker could exploit this vulnerability with LAN access.
**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
**How could an attacker exploit this vulnerability?** An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning malicious data that could cause arbitrary code execution on the client.
**According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?** An authorized attacker must send the user a malicious file and convince the user to open it.
**How would an attacker exploit this vulnerability?** An unauthenticated attacker could connect to the Remote Desktop Licensing Service and send a malicious message which could allow remote code execution.
**How could an attacker exploit the vulnerability?** An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of file's parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server.