CVE-2001-1129

Name of the Vulnerable Software and Affected Versions Progress database version 9.1C

Description The issue allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable. This is due to format string vulnerabilities in multiple components, including probuild, dbutil, mprosrv, mprshut, proapsv, progres, proutil, rfutil, and prolib.

Recommendations For Progress database version 9.1C, consider restricting access to the PROMSGS environment variable to minimize the risk of exploitation. As a temporary workaround, avoid using format string specifiers in the file used by the PROMSGS environment variable until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.