Buffer overflow in Informix Dynamic Server

#VU43259 Buffer overflow in Informix Dynamic Server

Published: 2012-12-08 | Updated: 2020-08-11

Vulnerability identifier: #VU43259

Vulnerability risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:L/PR:/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2012-4857

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Informix Dynamic Server
Server applications / Web servers

Vendor: IBM Corporation

Description

The vulnerability allows a remote #AU# to execute arbitrary code.

Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Informix Dynamic Server: 11.50 - 11.70.xc3

External links
http://www.securitytracker.com/id?1027849
http://exchange.xforce.ibmcloud.com/vulnerabilities/79737
http://www.ibm.com/support/docview.wss?uid=swg21618994

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Buffer overflow in IBM Informix Dynamic Server