Vendor: Informix Client SDK
By: Nine:Situations:Group::bruiser
CVSS: 7.5 (HIGH)
CWE: Integer Overflow
Product Name: Informix Client SDK
Affected Version From: IBM Informix Client SDK 3.0
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: Unknown
Platforms Tested: Windows
Unknown
IBM Informix Client SDK 3.0 SetNet32 File (.nfx) Hostsize integer overflow exploit
A user-supplied value for the Hostsize field results in an integer overflow; an overlong string passed in the HostList field then completely smashes the stack, allowing an attacker to execute arbitrary code. All modules in memory are compiled with /SAFESEH=on, but it is still possible to execute arbitrary code by passing a certain trusted handler from kernel32.dll. Other attacks are possible through the ProtoSize or ServerSize fields.
Mitigation: Unknown