EIP-2026-117508

PRE-CVE

Microsoft Source Code Analyzer for SQL Injection 1.3 - Improper Permissions

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117508. PoCs published by LiquidWorm.

AI-analyzed exploit summary The advisory describes an improper permissions vulnerability in Microsoft Source Code Analyzer for SQL Injection 1.3, where the executable files have write permissions for the 'Everyone' group, allowing privilege escalation via binary replacement.

Description

Microsoft Source Code Analyzer for SQL Injection 1.3 - Improper Permissions

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textlocalwindows

https://www.exploit-db.com/exploits/16991

View Code ZIP pw:eip

The advisory describes an improper permissions vulnerability in Microsoft Source Code Analyzer for SQL Injection 1.3, where the executable files have write permissions for the 'Everyone' group, allowing privilege escalation via binary replacement.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Source Code Analyzer for SQL Injection 1.3.30601.30705

No auth needed

Prerequisites: Access to the system where the tool is installed

MITRE ATT&CK

T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026