PT-2007-6326 · Borland · Borland Interbase

Published: 2007-10-06 · Updated: 2017-07-29 · CVE-2007-5243

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:
Borland InterBase LI versions 8.0.0.53 through 8.1.0.253
Borland InterBase WI versions 5.1.1.680 through 8.1.0.257

Description: Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code. The overflows can be triggered by a long service attach request on TCP port 3050 to the SVC_attach or INET_connect function, a long create request on TCP port 3050 to the isc_create_database or jrd8_create_database function, or a long attach request on TCP port 3050 to the isc_attach_database or PWD_db_aliased function. Additionally, there are unspecified vectors involving the jrd8_attach_database or expand_filename2 function.

Recommendations: For Borland InterBase LI versions 8.0.0.53 through 8.1.0.253 and Borland InterBase WI versions 5.1.1.680 through 8.1.0.257, consider disabling the SVC_attach, INET_connect, isc_create_database, jrd8_create_database, isc_attach_database, and PWD_db_aliased functions until a patch is available. As a temporary workaround, restrict access to TCP port 3050 to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2007-5243

Affected Products

Borland Interbase