Oval Definition:oval:org.mitre.oval:def:29315
Revision Date:2015-12-22Version:7
Title:SQL Server remote code execution vulnerability - CVE-2015-1763 (MS15-058)
Description:Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code Execution Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2015-1763
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft SQL Server 2008
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2012
Microsoft SQL Server 2014
Definition Synopsis
  • Microsoft SQL Server 2008 and vulnerable file version
  • either products
  • Microsoft SQL Server 2008 is installed
  • OR Microsoft SQL Server 2008 SP3 is installed
  • AND Check for vulnerable version
  • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 10.0.5538.0
  • OR Check for LDR
  • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is greater than or equal to 10.0.5750.0
  • AND Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 10.0.5890.0
  • OR Microsoft SQL Server 2008 and vulnerable file version
  • Microsoft SQL Server 2008 Service Pack 4 is installed
  • AND Check for vulnerable versions
  • Check for LDR
  • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 10.0.6535.0
  • AND Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is greater than or equal to 10.0.6500.0
  • OR Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 10.0.6241.0
  • OR Microsoft SQL Server 2008 R2 and vulnerable file version
  • either products
  • Microsoft SQL Server 2008 R2 is installed
  • OR Microsoft SQL Server 2008 R2 SP2 is installed
  • AND Check for vulnerable version
  • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 10.50.4042.0
  • OR Check for LDR
  • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is greater than or equal to 10.50.4251
  • AND Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 10.50.4339.0
  • OR Microsoft SQL Server 2008 R2 and vulnerable file version
  • Microsoft SQL Server 2008 R2 SP3 is installed
  • AND Check for vulnerable version
  • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 10.50.6220.0
  • OR Check for LDR
  • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 10.50.6529.0
  • AND Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is greater than or equal to 10.50.6500.0
  • OR 2012 vulnerable version
  • either products
  • Microsoft SQL Server 2012 is installed
  • OR Microsoft SQL Server 2012 SP1 is installed
  • AND Check for vulnerable range
  • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 11.0.3156.0
  • OR Check for LDR range
  • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is greater than or equal to 11.0.3300
  • AND Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 11.0.3513.0
  • OR 2012 vulnerable version
  • Microsoft SQL Server 2012 SP2 is installed
  • AND Check for vulnerable range
  • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 11.0.5343.0
  • OR Check for LDR range
  • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 11.0.5613.0
  • AND Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is greater than or equal to 11.0.5600.0
  • OR Microsoft SQL Server 2014 and vulnerable file version
  • Microsoft SQL Server 2014 is installed
  • AND Check for vulnerable range
  • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 12.0.2269.0
  • OR Check for LDR
  • Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is greater than or equal to 12.0.2300
  • AND Check if the version of Microsoft.sqlserver.chainer.infrastructure.dll is less than 12.0.2548.0
    • BACK