CVE-2007-5244
published 2007-10-06

Priority: P2 62, critical
CVSS 2.0: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 37.50% (98.3th percentile)
Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through 8.1.0.253 on Linux, and possibly unspecified versions on Solaris, allows remote attackers to execute arbitrary code via a long attach request on TCP port 3050 to the open_marker_file function.

Affected

4 ranges
Vendor | Product | Version range | Fixed in
borland | interbase | |
borland_software | interbase | |
borland_software | interbase | |
borland_software | interbase | |

Detection & IOCs (extracted from sources)

port: 3050/tcp
process: ibserver.exe
other: RET address 0x0804cbe4 (pop esi; pop ebp; ret), Borland InterBase LI-V8.0.0.53 / LI-V8.0.0.54 / LI-V8.1.0.253
bytes: opcode 0x52
  • Flag any TCP/3050 packet containing opcode 0x52 that is malformed or anomalously large, as this is the specific trigger for the ibserver.exe stack overflow.
  • Bad characters used in the exploit payload are \x00\x2f\x3a\x40\x5c; their absence in an otherwise large TCP/3050 attach request body can help confirm a crafted exploit buffer.
  • Alert on connections to ibserver.exe (TCP/3050) from external hosts sending an op_attach packet whose data field exceeds normal bounds (legitimate attach requests are far smaller than 1056 bytes).
  • The Metasploit module targets only Linux builds of Borland InterBase (LI-V8.0.0.53, LI-V8.0.0.54, LI-V8.1.0.253); the hardcoded RET gadget (0x0804cbe4) is version-specific and will not work against other builds.
  • The NVD note indicates possible overlap between CVE-2007-5243, CVE-2007-5244, and CVE-2008-1910; detections built for one CVE may cover the others as they share the same service and port.