Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 through 8.1.0.253, and WI 5.1.1.680 through 8.1.0.257, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the (a) SVC_attach or (b) INET_connect function, (2) a long create request on TCP port 3050 to the (c) isc_create_database or (d) jrd8_create_database function, (3) a long attach request on TCP port 3050 to the (e) isc_attach_database or (f) PWD_db_aliased function, or unspecified vectors involving the (4) jrd8_attach_database or (5) expand_filename2 function.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| http://www.securityfocus.com/bid/25917 | vdb entry exploit |
| http://risesecurity.org/blog/entry/3/ | |
| http://www.securitytracker.com/id?1018772 | vdb entry |
| http://risesecurity.org/exploit/10/ | |
| http://risesecurity.org/exploit/9/ | exploit |
| http://osvdb.org/38607 | vdb entry |
| http://osvdb.org/38609 | vdb entry |
| http://risesecurity.org/exploit/13/ | |
| http://www.vupen.com/english/advisories/2007/3381 | vdb entry |
| http://osvdb.org/38606 | vdb entry |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36956 | vdb entry |
| http://risesecurity.org/exploit/15/ | exploit |
| http://osvdb.org/38608 | vdb entry |
| http://risesecurity.org/advisory/RISE-2007002/ | |
| http://risesecurity.org/exploit/14/ | exploit |
| http://secunia.com/advisories/27058 | third party advisory |
| http://risesecurity.org/exploit/12/ | |
| http://osvdb.org/38605 | vdb entry |