Borland IDSQL32.DLL Library Remote Heap Buffer Overflow Vulnerability
BID:21342
Info
Borland IDSQL32.DLL Library Remote Heap Buffer Overflow Vulnerability
| Bugtraq ID: | 21342 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-6201 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 29 2006 12:00AM |
| Updated: | Dec 02 2006 01:39AM |
| Credit: | JJ Reyes, Secunia Research is credited with the discovery of this issue. |
| Vulnerable: |
RevilloC MailServer 1.21 Borland idsql32.dll 5.2 .2 Borland idsql32.dll 5.1 .4 Borland Developer Studio 2006 0 |
| Not Vulnerable: | |
Discussion
Borland IDSQL32.DLL Library Remote Heap Buffer Overflow Vulnerability
The Borland 'idsql32.dll' library is prone to a remote heap buffer-overflow vulnerability. This issue occurs due to a lack of adequate bounds-checking on user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can leverage this issue to execute arbitrary code in the context of an application using the library. A successful exploit may result in the compromise of the computer; other attacks are possible.
Versions 5.1.0.4 and 5.2.0.2 are vulnerable to this issue; other versions may also be affected.
Note: Any application that uses this library and passes user-supplied data to the affected routine could also be affected.
The Borland 'idsql32.dll' library is prone to a remote heap buffer-overflow vulnerability. This issue occurs due to a lack of adequate bounds-checking on user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker can leverage this issue to execute arbitrary code in the context of an application using the library. A successful exploit may result in the compromise of the computer; other attacks are possible.
Versions 5.1.0.4 and 5.2.0.2 are vulnerable to this issue; other versions may also be affected.
Note: Any application that uses this library and passes user-supplied data to the affected routine could also be affected.
Exploit / POC
Borland IDSQL32.DLL Library Remote Heap Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution / Fix
Borland IDSQL32.DLL Library Remote Heap Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
Borland IDSQL32.DLL Library Remote Heap Buffer Overflow Vulnerability
References:
References:
- Borland Homepage (Borland)
- Revilloc Mailserver Homepage (Revilloc Developments Ltd.)
- Secunia Research: Borland Products idsql32.dll Buffer Overflow Vulnerability (JJ Reyes, Secunia Research)