{"api_version":"1","generated_at":"2026-05-14T23:16:38+00:00","cve":"CVE-2018-8273","urls":{"html":"https://cve.report/CVE-2018-8273","api":"https://cve.report/api/cve/CVE-2018-8273.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-8273","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-8273"},"summary":{"title":"CVE-2018-8273","description":"A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka \"Microsoft SQL Server Remote Code Execution Vulnerability.\" This affects Microsoft SQL Server.","state":"PUBLIC","assigner":"secure@microsoft.com","published_at":"2018-08-15 17:29:00","updated_at":"2021-09-13 11:15:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/104967","name":"104967","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Microsoft SQL Server CVE-2018-8273 Remote Code Execution Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id/1041467","name":"1041467","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Microsoft SQL Server Buffer Overflow Lets Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8273","name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8273","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-8273","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8273","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"8273","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"sql_server","cpe6":"2016","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"},{"cve_year":"2018","cve_id":"8273","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"sql_server","cpe6":"2016","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"},{"cve_year":"2018","cve_id":"8273","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"sql_server","cpe6":"2017","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"},{"cve_year":"2018","cve_id":"8273","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"sql_server_2016","cpe6":"-","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"},{"cve_year":"2018","cve_id":"8273","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"sql_server_2016","cpe6":"-","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"},{"cve_year":"2018","cve_id":"8273","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"sql_server_2016","cpe6":"-","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"},{"cve_year":"2018","cve_id":"8273","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"sql_server_2016","cpe6":"-","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"},{"cve_year":"2018","cve_id":"8273","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"sql_server_2017","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"},{"cve_year":"2018","cve_id":"8273","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"sql_server_2017","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2018-8273","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Microsoft SQL Server","version":{"version_data":[{"version_value":"2016 for x64-based Systems Service Pack 1"},{"version_value":"2016 for x64-based Systems Service Pack 1 (CU)"},{"version_value":"2016 for x64-based Systems Service Pack 2"},{"version_value":"2016 for x64-based Systems Service Pack 2 (CU)"},{"version_value":"2017 for x64-based Systems"},{"version_value":"2017 for x64-based Systems (CU)"}]}}]},"vendor_name":"Microsoft"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka \"Microsoft SQL Server Remote Code Execution Vulnerability.\" This affects Microsoft SQL Server."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Remote Code Execution"}]}]},"references":{"reference_data":[{"name":"1041467","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1041467"},{"name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8273","refsource":"CONFIRM","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8273"},{"name":"104967","refsource":"BID","url":"http://www.securityfocus.com/bid/104967"}]}},"nvd":{"publishedDate":"2018-08-15 17:29:00","lastModifiedDate":"2021-09-13 11:15:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:sql_server:2016:sp1:*:*:*:*:x64:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:sql_server:2016:sp2:*:*:*:*:x64:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:microsoft:sql_server:2017:*:*:*:*:*:x64:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"8273","Ordinal":"124628","Title":"CVE-2018-8273","CVE":"CVE-2018-8273","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"8273","Ordinal":"1","NoteData":"A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka \"Microsoft SQL Server Remote Code Execution Vulnerability.\" This affects Microsoft SQL Server.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"8273","Ordinal":"2","NoteData":"2018-08-15","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"8273","Ordinal":"3","NoteData":"2018-08-16","Type":"Other","Title":"Modified"}]}}}