Stack-Based Buffer Overflow in IBM Informix Dynamic Server
CVE-2011-1033

Currently unrated

Key Information:

Vendor: IBM
Status: Informix Dynamic Server
Vendor: CVE Published:; 15 February 2011

Summary

A stack-based buffer overflow vulnerability exists in the oninit component of IBM Informix Dynamic Server (IDS) 11.50. This vulnerability allows remote attackers to execute arbitrary code by supplying specially crafted arguments through the USELASTCOMMITTED session environment option in an SQL SET ENVIRONMENT statement. By exploiting this flaw, attackers could potentially gain unauthorized access and control over the affected system.

References

http://www.vupen.com/english/advisories/2011/0309

vdb-entryx_refsource_VUPEN

http://zerodayinitiative.com/advisories/ZDI-11-050/

x_refsource_MISC

http://www.securityfocus.com/bid/46230

vdb-entryx_refsource_BID

EPSS Score

23% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 15, 2011
Vulnerability Reserved
Feb 14, 2011