CVE-2007-3336
published 2007-06-22

CVE-2007-3336: Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates)…

Priority P354 · critical · 10 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 8.96% (94.6th percentile)
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.

Affected

4 ranges
Vendor | Product | Version range | Fixed in
ingres | database_server | |
ingres | database_server | |
ingres | database_server | |
ingres | database_server | |

Detection & IOCs (extracted from sources)

process: iigcc
process: iijdbc
filename: alarkp.def
  • The vulnerability is triggered via the QUinsert or QUremove functions called by iigcc; alert on unexpected process crashes or restarts of iigcc/iijdbc services on Windows hosts
  • Exploitation can result in SYSTEM-level code execution; monitor for privilege escalation events following unexpected iigcc/iijdbc crashes on Windows 2003 Server
  • The PoC was tested specifically on Windows 2003 Server SP1 (English); payload offsets (2106 for iigcc, 1066 for iijdbc) may differ on other OS versions or service pack levels
  • Affected versions span Ingres 2006 9.0.4, r3, 2.6, and 2.5; the PoC author notes the issue is fixed in the last version, so detection should focus on unpatched legacy deployments
  • The port targeted is user-supplied at runtime (not hardcoded); defenders should identify the listening port of iigcc and iijdbc in their specific deployment and apply network-layer controls accordingly