Vulnerabilities > CVE-2007-3566 - Remote Stack Based Buffer Overflow vulnerability in Borland Software Interbase 2007
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before SP2 allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Borland Interbase Create-Request Buffer Overflow. CVE-2007-3566. Remote exploit for windows platform |
| id | EDB-ID:16453 |
| last seen | 2016-02-01 |
| modified | 2010-06-15 |
| published | 2010-06-15 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/16453/ |
| title | Borland Interbase Create-Request Buffer Overflow |
Metasploit
| description | This module exploits a stack buffer overflow in Borland Interbase 2007. By sending a specially crafted create-request packet, a remote attacker may be able to execute arbitrary code. |
| id | MSF:EXPLOIT/WINDOWS/MISC/BORLAND_INTERBASE |
| last seen | 2020-06-13 |
| modified | 2017-07-24 |
| published | 2007-07-26 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/misc/borland_interbase.rb |
| title | Borland Interbase Create-Request Buffer Overflow |
Packetstorm
data source https://packetstormsecurity.com/files/download/58325/interbase_create.rb.txt id PACKETSTORM:58325 last seen 2016-12-05 published 2007-08-08 reporter Ramon de C Valle source https://packetstormsecurity.com/files/58325/interbase_create.rb.txt.html title interbase_create.rb.txt data source https://packetstormsecurity.com/files/download/82954/borland_interbase.rb.txt id PACKETSTORM:82954 last seen 2016-12-05 published 2009-11-26 reporter MC source https://packetstormsecurity.com/files/82954/Borland-Interbase-Create-Request-Buffer-Overflow.html title Borland Interbase Create-Request Buffer Overflow
Saint
| bid | 25048 |
| description | Borland Interbase ibserver.exe create buffer overflow |
| id | database_interbasebo |
| osvdb | 38602 |
| title | interbase_create |
| type | remote |
References
- http://dvlabs.tippingpoint.com/advisory/TPTI-07-13
- http://dvlabs.tippingpoint.com/blog/2007/07/24/step-by-step-of-how-tpti-07-013-was-discovered
- http://osvdb.org/38602
- http://secunia.com/advisories/26189
- http://securityreason.com/securityalert/2929
- http://www.codegear.com/downloads/regusers/interbase
- http://www.securityfocus.com/archive/1/474561/100/0/threaded
- http://www.securityfocus.com/bid/25048
- http://www.securitytracker.com/id?1018451
- http://www.vupen.com/english/advisories/2007/2642
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35574