Stack-based Buffer Overflow in TIBCO SmartSockets and EMS Products
CVE-2009-1291

Currently unrated

Key Information:

Vendor: Tibco
Status: Enterprise Message Service; Rtworks; Smartsockets; Smartsockets Rtserver
Vendor: CVE Published:; 30 April 2009

Summary

A stack-based buffer overflow vulnerability exists in TIBCO SmartSockets and Enterprise Message Service (EMS) products, allowing remote attackers to execute arbitrary code through crafted inbound data. This issue affects multiple components and versions, including TIBCO SmartSockets up to 6.8.2 and EMS versions from 4.0.0 to 5.1.1. Attackers can exploit this vulnerability by sending specially crafted data to the UDP interface of the RTserver or injecting malicious data into the TCP stream used by the tibemsd service, potentially compromising system integrity and confidentiality.

References

http://www.tibco.com/multimedia/security_advisory_rtworks...

x_refsource_CONFIRM

http://www.tibco.com/services/support/advisories/default.jsp

x_refsource_CONFIRM

http://securitytracker.com/id?1022129

vdb-entryx_refsource_SECTRACK

EPSS Score

29% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 30, 2009
Vulnerability Reserved
Apr 13, 2009