cvedb.io
CVE-2016-7253
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2016-11-10T07:00:07.257 · Last modified 2026-06-17T00:52:52.000

Summary

The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Server Agent Elevation of Privilege Vulnerability."

Affected products

microsoft — sql_server

Does this affect you?

Add your gear to cvedb and we'll alert you only when microsoft ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.