Vulnerabilities > CVE-2009-3691 - Numeric Errors vulnerability in IBM Informix Client SDK and Informix Connect Runtime
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field that triggers a stack-based buffer overflow involving a crafted HostList field. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | IBM Informix Client SDK 3.0 nfx file integer overflow exploit. CVE-2009-3691. Remote exploit for windows platform |
| id | EDB-ID:10070 |
| last seen | 2016-02-01 |
| modified | 2009-10-05 |
| published | 2009-10-05 |
| reporter | bruiser |
| source | https://www.exploit-db.com/download/10070/ |
| title | IBM Informix Client SDK 3.0 nfx file integer Overflow Exploit |
References
- http://retrogod.altervista.org/9sg_ibm_setnet32.html
- http://retrogod.altervista.org/9sg_ibm_setnet32.html
- http://secunia.com/advisories/36949
- http://secunia.com/advisories/36949
- http://securitytracker.com/id?1022985
- http://securitytracker.com/id?1022985
- http://www.osvdb.org/58530
- http://www.osvdb.org/58530
- http://www.securityfocus.com/bid/36588
- http://www.securityfocus.com/bid/36588
- http://www.vupen.com/english/advisories/2009/2834
- http://www.vupen.com/english/advisories/2009/2834
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53644
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53644