CVE-2007-5243

Exploit

EPSS 82.95%
Published 06.10.2007 17:17:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 through 8.1.0.253, and WI 5.1.1.680 through 8.1.0.257, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the (a) SVC_attach or (b) INET_connect function, (2) a long create request on TCP port 3050 to the (c) isc_create_database or (d) jrd8_create_database function, (3) a long attach request on TCP port 3050 to the (e) isc_attach_database or (f) PWD_db_aliased function, or unspecified vectors involving the (4) jrd8_attach_database or (5) expand_filename2 function.

Affected products Warnungen 0 Metrics 2 CWE 1 References 21

Data is provided by the National Vulnerability Database (NVD)

Borland Software ≫ Interbase Versionli_8.0.0.53

Borland Software ≫ Interbase Versionli_8.0.0.54

Borland Software ≫ Interbase Versionli_8.0.0.253

Borland Software ≫ Interbase Versionwi-o6.0.1.6

Borland Software ≫ Interbase Versionwi-o6.0.2.0

Borland Software ≫ Interbase Versionwi-v5.1.1.680

Borland Software ≫ Interbase Versionwi-v5.5.0.742

Borland Software ≫ Interbase Versionwi-v6.0.0.627

Borland Software ≫ Interbase Versionwi-v6.0.1.0

Borland Software ≫ Interbase Versionwi-v6.0.1.6

Borland Software ≫ Interbase Versionwi-v6.5.0.28

Borland Software ≫ Interbase Versionwi-v7.0.1.1

Borland Software ≫ Interbase Versionwi-v7.5.0.129

Borland Software ≫ Interbase Versionwi-v7.5.1.80

Borland Software ≫ Interbase Versionwi-v8.0.0.123

Borland Software ≫ Interbase Versionwi_5.1.1.680

Borland Software ≫ Interbase Versionwi_8.1.0.257

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	82.95%	0.992

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://osvdb.org/38605

http://osvdb.org/38606

http://osvdb.org/38607

http://osvdb.org/38608

http://osvdb.org/38609

http://risesecurity.org/advisory/RISE-2007002/

http://risesecurity.org/blog/entry/3/

http://risesecurity.org/exploit/10/

http://risesecurity.org/exploit/12/

http://risesecurity.org/exploit/13/

http://risesecurity.org/exploit/14/

Exploit