PT-2009-5950 · IBM · Informix Connect Runtime+1
Published: 2009-10-13 · Updated: 2017-08-17 · CVE-2009-3691
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
IBM Informix Client SDK versions 3.0 through 3.50
Informix Connect Runtime versions 3.x
Description
Multiple integer overflows in setnet32.exe can be exploited by remote attackers to execute arbitrary code. Exploitation uses a crafted .nfx file with specific field values, such as HostSize, ProtoSize, and ServerSize, that trigger a stack-based buffer overflow involving a crafted HostList field.
Recommendations
For IBM Informix Client SDK versions 3.0 through 3.50, update to a version that fixes the integer overflows in setnet32.exe.
For Informix Connect Runtime versions 3.x, update to a version that fixes the integer overflows in setnet32.exe.
As a temporary workaround, consider restricting access to the setnet32.exe file to minimize the risk of exploitation.
Affected Products
IBM Informix Client SDK
Informix Connect Runtime