PT-2008-2526 · Sybase · Sybase Mobilink+1

Luigi Auriemma · Published 2008-02-22 · Updated 2018-10-15 · CVE-2008-0912

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Sybase MobiLink versions 10.0.1.3629 and earlier
SQL Anywhere Developer Edition versions 10.0.1.3415 and earlier

Description

Multiple heap-based buffer overflows exist in the mlsrv10.exe component. Remote attackers can exploit them via a long username, version, or remote ID. Successful exploitation can lead to execution of arbitrary code or to a denial of service in the form of a daemon crash.

Recommendations

For Sybase MobiLink versions 10.0.1.3629 and earlier, consider updating to a version later than 10.0.1.3629 to resolve the issue.

For SQL Anywhere Developer Edition versions 10.0.1.3415 and earlier, consider updating to a version later than 10.0.1.3415 to resolve the issue.

As a temporary workaround, consider restricting the length of the username, version, and remote ID to prevent exploitation until a patch is available.

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2008-0912

Affected Products

SQL Anywhere Developer Edition
Sybase MobiLink