#VU43259 Buffer overflow in Informix Dynamic Server - CVE-2012-4857

Cybersecurity Help s.r.o.

Published: 2012-12-08 | Updated: 2020-08-11

Vulnerability identifier: #VU43259

Vulnerability risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2012-4857

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Informix Dynamic Server
Server applications / Web servers

Vendor: IBM Corporation

Description

The vulnerability allows a remote #AU# to execute arbitrary code.

Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Informix Dynamic Server: 11.50.xc1 - 11.70.xc3

External links
https://www.securitytracker.com/id?1027849
https://exchange.xforce.ibmcloud.com/vulnerabilities/79737
https://www.ibm.com/support/docview.wss?uid=swg21618994

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Buffer overflow in IBM Informix Dynamic Server