CVE-2008-2559 - Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows remote attackers to execute arbitr

CVE-2008-2559

Summary

Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows remote attackers to execute arbitrary code via a malformed packet to TCP port 3050, which triggers a stack-based buffer overflow. NOTE: this issue might be related to CVE-2008-0467.

References

http://secunia.com/advisories/30299
http://securitytracker.com/id?1020092
http://www.coresecurity.com/?action=item&id=2278
http://www.securityfocus.com/bid/29302
http://www.vupen.com/english/advisories/2008/1590
https://exchange.xforce.ibmcloud.com/vulnerabilities/42558

Vulnerable Configurations

cpe:2.3:a:damian_frizza:borland_interbase:2007:sp2:*:*:*:*:*:*
cpe:2.3:a:damian_frizza:borland_interbase:2007:sp2:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 08-08-2017 - 01:31)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	29302
misc	http://www.coresecurity.com/?action=item&id=2278
sectrack	1020092
secunia	30299
vupen	ADV-2008-1590
xf	borland-packet-bo(42558)

Last major update

08-08-2017 - 01:31

Published

05-06-2008 - 22:32

Last modified

08-08-2017 - 01:31