CVE-2016-0226

7.8HIGH

Key Information:

Vendor: IBM
Status: Informix Dynamic Server
Vendor: CVE Published:; 28 March 2016

Summary

The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file.

References

http://zerodayinitiative.com/advisories/ZDI-16-210/

x_refsource_MISC

http://zerodayinitiative.com/advisories/ZDI-16-209/

x_refsource_MISC

http://www-01.ibm.com/support/docview.wss?uid=swg21978598

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 28, 2016
Vulnerability Reserved
Dec 8, 2015