CVE-2016-7253

CVE Database · CVE-2016-7253

CVE-2016-7253

· N/AModified

CVSS v3.1

N/A

EPSS

11.86%

Published

Nov 10, 2016

Modified

May 6, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Server Agent Elevation of Privilege Vulnerability."

Weaknesses (CWE)

CWE-264

Affected Products (4)

microsoft · sql_servervulnerable

References (6)

http://www.securityfocus.com/bid/94056

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037250

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136

http://www.securityfocus.com/bid/94056

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037250

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136

KEV Catalog EPSS Scores Vendors All CVEs