Vulnerability Details : CVE-2008-0768
Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests.
Vulnerability category: OverflowExecute code
Products affected by CVE-2008-0768
- IBM » Informix Dynamic ServerVersions from including (>=) 10.0 and up to, including, (<=) 10.00.xc8cpe:2.3:a:ibm:informix_dynamic_server:*:*:*:*:*:*:*:*
- IBM » Informix Dynamic ServerVersions from including (>=) 11.10 and up to, including, (<=) 11.10.xc2cpe:2.3:a:ibm:informix_dynamic_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:informix_storage_manager:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-0768
14.93%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-0768
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-0768
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-0768
-
http://www.vupen.com/english/advisories/2008/0317
Permissions Required
-
http://www-1.ibm.com/support/search.wss?rs=0&q=IC55040&apar=only
Vendor Advisory
-
http://www.securityfocus.com/bid/27485
Third Party Advisory;VDB Entry
-
http://www.securitytracker.com/id?1019281
Third Party Advisory;VDB Entry
-
http://www-01.ibm.com/support/docview.wss?uid=swg21294211
Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/40018
Third Party Advisory;VDB Entry
-
http://www-1.ibm.com/support/search.wss?rs=0&q=IC55041&apar=only
Vendor Advisory
Jump to