CVE-2008-0912
Sybase MobiLink 10.0.1.3629 - Multiple Heap Buffer Overflow Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long (1) username, (2) version, or (3) remote ID. NOTE: some of these details are obtained from third party information.
Múltiples desbordamientos de búfer basados en montículo en mlsrv10.exe de Sybase MobiLink 10.0.1.3629 y anteriores, del modo que se usa en SQL Anywhere Developer Edition 10.0.1.3415 y probablemente otros productos, permiten a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída del demonio) a través de 1) nombre de usuario, (2) versión o (3) ID remota largos. NOTA: algunos de estos detalles se han obtenido de información de terceros.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-02-20 First Exploit
- 2008-02-22 CVE Reserved
- 2008-02-22 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/3691 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/488409/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/490259/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/27914 | Vdb Entry | |
| http://www.securitytracker.com/id?1019469 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/0626 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/31271 | 2008-02-20 | |
| http://aluigi.altervista.org/adv/mobilinkhof-adv.txt | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/29045 | 2018-10-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sybase Search vendor "Sybase" | Mobilink Search vendor "Sybase" for product "Mobilink" | <= 10.0.1.3629 Search vendor "Sybase" for product "Mobilink" and version " <= 10.0.1.3629" | - |
Affected
| ||||||
| Sybase Search vendor "Sybase" | Sql Anywhere Search vendor "Sybase" for product "Sql Anywhere" | 10.0.1.3415 Search vendor "Sybase" for product "Sql Anywhere" and version "10.0.1.3415" | developer_edition |
Affected
| ||||||