CVE-2014-9264

Currently unrated

Key Information:

Vendor: SAP
Status: Sql Anywhere
Vendor: CVE Published:; 11 December 2014

Summary

Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.

References

http://www.zerodayinitiative.com/advisories/ZDI-14-413/

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-14-412/

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-14-414/

x_refsource_MISC

EPSS Score

92% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 11, 2014
Vulnerability Reserved
Dec 4, 2014