CVE-2007-4273

CWE-134Uncontrolled Format String3 documents3 sources
Severity
4.6MEDIUM
EPSS
0.1%
top 74.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2 Universal Database
Timeline
PublishedAug 18
Latest updateMay 1

Description

IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment variable in db2licd (db2licm).

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-946w-fc5x-gqqm: IBM DB2 UDB 8 before Fixpak 15 and 92022-05-01
CVEList
CVE-2007-4273: IBM DB2 UDB 8 before Fixpak 15 and 92007-08-18
CVE-2007-4273 (MEDIUM CVSS 4.6) | IBM DB2 UDB 8 before Fixpak 15 and | cvebase.io