Stack-Based Buffer Overflow in IBM Informix Dynamic Server
CVE-2010-4053

Currently unrated

Key Information:

Vendor: IBM
Status: Informix Dynamic Server
Vendor: CVE Published:; 23 October 2010

Summary

A stack-based buffer overflow vulnerability exists in an unspecified logging function of oninit.exe in IBM Informix Dynamic Server. This vulnerability could be exploited by remote authenticated users by sending a crafted EXPLAIN directive, potentially enabling them to execute arbitrary code on the server. The affected versions include 11.10 prior to 11.10.xC2W2 and 11.50 prior to 11.50.xC1.

References

http://www.zerodayinitiative.com/advisories/ZDI-10-216/

x_refsource_MISC

http://www.vupen.com/english/advisories/2010/2734

vdb-entryx_refsource_VUPEN

http://www.osvdb.org/68705

vdb-entryx_refsource_OSVDB

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 23, 2010
Vulnerability Reserved
Oct 22, 2010