FAQ
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it.
MSRC compact vulnerability detail
CVE-2024-43517 · Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
No description was published by MSRC.
Signals
Microsoft ActiveX
Remote Code Execution
Exploited: No
Publicly disclosed: No
Exploitability: Exploitation Less Likely
CWE
Patch Diff
Loading module diff metadata...
Resolved binary override
Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.
Description
No description was published by MSRC.
FAQ / Articles
FAQ
According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application. After the connection is made, the server can send specially crafted replies to the client that exploit the vulnerability and permit execution of arbitrary code within the context of the user's SQL client application.
FAQ
How could an attacker exploit this vulnerability? An attacker would need to set up a malicious server and create a proof-of-concept script. The victim would then need to be convinced, possibly through social engineering techniques, to run this script, which would connect to the malicious server and potentially allow for remote code execution on the victim’s machine.