Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-2087 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Software Interbase

7 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

0.8%

top 26.69%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Borland Software Interbase

Timeline

PublishedDec 31

Latest updateApr 30

Description

Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDborland_software/interbase6.0

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-vjh6-wp56-r6h2: Buffer overflow in Borland InterBase 6↗2022-04-30

▶

CVEList

CVE-2002-2087: Buffer overflow in Borland InterBase 6↗2005-08-05

▶

💥Exploits & PoCs

Exploit-DB

Firebird 1.0.2 (FreeBSD 4.7-RELEASE) - Local Privilege Escalation↗2003-05-12

▶

Exploit-DB

Firebird 1.0 - GDS_Inet_Server Interbase Environment Variable Buffer Overflow↗2003-05-10

▶

Exploit-DB

Interbase 6.0 - GDS_Drop Interbase Environment Variable Buffer Overflow (2)↗2002-06-18

▶

Exploit-DB

Interbase 6.0 - GDS_Drop Interbase Environment Variable Buffer Overflow (1)↗2002-06-15

▶