Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-5243: Improper Restriction of Operations within the Bounds of a Memory Buffer in Software Interbase

Severity
9.3 CRITICAL (NVD)
EPSS
83.0%
top 0.75%
CISA KEV
Not in KEV
Exploit
PoC available
Affected products
Timeline
Published: Oct 6
Latest update: May 1

Description

Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 through 8.1.0.253, and WI 5.1.1.680 through 8.1.0.257, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the (a) SVC_attach or (b) INET_connect function, (2) a long create request on TCP port 3050 to the (c) isc_create_database or (d) jrd8_create_database function, (3) a long attach request on TCP port 3050 to the (e) isc_attach_database or (f) PWD_db_aliased function,

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (1 package)

NVD: borland_software/interbase (17 versions)

🔴 Vulnerability Details

2
GHSA
GHSA-cm4p-rvrm-3xfj: Multiple stack-based buffer overflows in Borland InterBase LI 8 (2022-05-01)
CVEList
CVE-2007-5243: Multiple stack-based buffer overflows in Borland InterBase LI 8 (2007-10-06)

💥 Exploits & PoCs

12
Exploit-DB
Firebird Relational Database - 'isc_create_database()' Remote Buffer Overflow (Metasploit) (2010-07-03)
Exploit-DB
Borland Interbase - 'PWD_db_aliased()' Remote Buffer Overflow (Metasploit) (2010-07-03)
Exploit-DB
Borland Interbase - 'INET_connect()' Remote Buffer Overflow (Metasploit) (2010-07-03)
Exploit-DB
Borland Interbase - 'isc_attach_database()' Remote Buffer Overflow (Metasploit) (2010-07-03)
Exploit-DB
Borland Interbase - 'SVC_attach()' Remote Buffer Overflow (Metasploit) (2010-07-03)