CVE-2009-3691

EUVD-2009-3666
Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field that triggers a stack-based buffer overflow involving a crafted HostList field.  NOTE: some of these details are obtained from third party information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
ibminformix_client_sdk
3.0
ibminformix_client_sdk
3.50
ibminformix_connect_runtime
3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://retrogod.altervista.org/9sg_ibm_setnet32.html
http://secunia.com/advisories/36949
http://securitytracker.com/id?1022985
http://www.osvdb.org/58530
http://www.securityfocus.com/bid/36588
http://www.vupen.com/english/advisories/2009/2834
https://exchange.xforce.ibmcloud.com/vulnerabilities/53644
http://retrogod.altervista.org/9sg_ibm_setnet32.html
http://secunia.com/advisories/36949
http://securitytracker.com/id?1022985
http://www.osvdb.org/58530
http://www.securityfocus.com/bid/36588
http://www.vupen.com/english/advisories/2009/2834
https://exchange.xforce.ibmcloud.com/vulnerabilities/53644