CVE-2007-3566 - Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before

CVE-2007-3566

Summary

Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before SP2 allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp.

References

Vulnerable Configurations

cpe:2.3:a:borland_software:interbase:2007:*:*:*:*:*:*:*
cpe:2.3:a:borland_software:interbase:2007:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 15-10-2018 - 21:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	25048
bugtraq	20070724 TPTI-07-13: Borland Interbase ibserver.exe Create-Request Buffer Overflow Vulnerability
misc	http://dvlabs.tippingpoint.com/advisory/TPTI-07-13 http://dvlabs.tippingpoint.com/blog/2007/07/24/step-by-step-of-how-tpti-07-013-was-discovered http://www.codegear.com/downloads/regusers/interbase
osvdb	38602
sectrack	1018451
secunia	26189
sreason	2929
vupen	ADV-2007-2642
xf	interbase-create-bo(35574)

saint via4

bid	25048
description	Borland Interbase ibserver.exe create buffer overflow
id	database_interbasebo
osvdb	38602
title	interbase_create
type	remote

Last major update

15-10-2018 - 21:29

Published

26-07-2007 - 18:30

Last modified

15-10-2018 - 21:29