9.3

CVE-2009-3691

Exploit
Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field that triggers a stack-based buffer overflow involving a crafted HostList field.  NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmInformix Client Sdk Version3.0
IbmInformix Client Sdk Version3.50
IbmInformix Connect Runtime Version3.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.04% 0.934
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://retrogod.altervista.org/9sg_ibm_setnet32.html
Exploit
http://secunia.com/advisories/36949
Vendor Advisory
http://securitytracker.com/id?1022985
http://www.osvdb.org/58530
http://www.securityfocus.com/bid/36588
http://www.vupen.com/english/advisories/2009/2834
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/53644