CVE-2006-6201

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by RevilloC MailServer; 5.2.0.2 as used by Borland Developer Studio 2006; and possibly other versions allows remote attackers to execute arbitrary code via a long SQL statement, related to use of the DbiQExec function.

Desbordamiento del buffer basado en pilas en el Borland idsql32.dll 5.1.0.4, como el usado en el RevilloC MailServer, la 5.2.0.2 como el usado en el Developer Studio 2006 y posiblemente otras versiones, permite a atacantes remotos ejecutar código de su elección a través de la declaración de una sentencia larga en SQL relacionada con el uso de la función DbiQExec.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-11-30 CVE Reserved
2006-12-01 CVE Published
2023-08-27 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
http://www.securityfocus.com/archive/1/453003/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/21342	Vdb Entry
http://www.vupen.com/english/advisories/2006/4763	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/30583	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/22570	2018-10-17
http://secunia.com/secunia_research/2006-70/advisory	2018-10-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Borland Software Search vendor "Borland Software"		C\+\+ Builder Search vendor "Borland Software" for product "C\+\+ Builder"				5.x Search vendor "Borland Software" for product "C\+\+ Builder" and version "5.x"		-		Affected
Borland Software Search vendor "Borland Software"		C\+\+ Builder Search vendor "Borland Software" for product "C\+\+ Builder"				6.x Search vendor "Borland Software" for product "C\+\+ Builder" and version "6.x"		-		Affected
Borland Software Search vendor "Borland Software"		C\+\+ Builder Search vendor "Borland Software" for product "C\+\+ Builder"				2006 Search vendor "Borland Software" for product "C\+\+ Builder" and version "2006"		-		Affected
Borland Software Search vendor "Borland Software"		C Builder Search vendor "Borland Software" for product "C Builder"				2006 Search vendor "Borland Software" for product "C Builder" and version "2006"		-		Affected
Borland Software Search vendor "Borland Software"		Delphi Search vendor "Borland Software" for product "Delphi"				5.x Search vendor "Borland Software" for product "Delphi" and version "5.x"		-		Affected
Borland Software Search vendor "Borland Software"		Delphi Search vendor "Borland Software" for product "Delphi"				6.x Search vendor "Borland Software" for product "Delphi" and version "6.x"		-		Affected
Borland Software Search vendor "Borland Software"		Delphi Search vendor "Borland Software" for product "Delphi"				7.x Search vendor "Borland Software" for product "Delphi" and version "7.x"		-		Affected
Borland Software Search vendor "Borland Software"		Delphi Search vendor "Borland Software" for product "Delphi"				2006 Search vendor "Borland Software" for product "Delphi" and version "2006"		-		Affected
Borland Software Search vendor "Borland Software"		Developer Studio Search vendor "Borland Software" for product "Developer Studio"				2006 Search vendor "Borland Software" for product "Developer Studio" and version "2006"		-		Affected
Borland Software Search vendor "Borland Software"		Idsql32.dll Search vendor "Borland Software" for product "Idsql32.dll"				5.1.0.2 Search vendor "Borland Software" for product "Idsql32.dll" and version "5.1.0.2"		-		Affected
Borland Software Search vendor "Borland Software"		Idsql32.dll Search vendor "Borland Software" for product "Idsql32.dll"				5.1.0.4 Search vendor "Borland Software" for product "Idsql32.dll" and version "5.1.0.4"		-		Affected
Revilloc Search vendor "Revilloc"		Mailserver Search vendor "Revilloc" for product "Mailserver"				*		-		Affected