Oval Definition: oval:org.mitre.oval:def:26287
Revision Date: 2014-10-27
Version: 7
Title: Microsoft SQL Server stack overrun vulnerability - CVE-2014-4061 (MS14-044)
Description: Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 do not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service (daemon hang) via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun Vulnerability."
Family: windows
Class: vulnerability
Status: ACCEPTED
Reference(s): CVE-2014-4061
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft SQL Server 2008
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2012
Definition Synopsis
  • Microsoft SQL Server 2008 and vulnerable file version
    • Microsoft SQL Server 2008 is installed
    • AND Check for vulnerable version
      • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 10.0.5520 and greater than 10.0.0
      • OR Check for LDR
        • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is greater than or equal to 10.0.5750.0
        • AND Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 10.0.5869
  • OR Microsoft SQL Server 2008 R2 and vulnerable file version
    • Microsoft SQL Server 2008 R2 is installed
    • AND Check for vulnerable version
      • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 10.50.4033 and greater than 10.5.0
      • OR Check for LDR
        • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is greater than or equal to 10.50.4251
        • AND Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 10.50.4321
  • OR 2012 vulnerable version
    • Microsoft SQL Server 2012 is installed
    • AND Check for vulnerable range
      • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 11.0.3153 and greater than 11.0.0
      • OR Check for LDR range
        • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is greater than or equal to 11.0.3300
        • AND Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 11.0.3460