Reported October 24, 2003 by Application Security, Inc.

 

 

VERSIONS AFFECTED

 

IBM DB2 Universal Database 7.2 for Windows

 

DESCRIPTION

 

A stack-overflow vulnerability in DB2 Universal Database 7.2 for Windows can result in the execution of arbitrary code on the vulnerable server. To exploit this vulnerability, an attacker can issue a carefully crafted Invoke command.

<span style="font-family:Verdana"> </h3>

VENDOR RESPONSE

 

<span style="font-family:Verdana"><a href="http://www.ibm.com/" style="color: blue; text-decoration: underline; text-underline: single">IBM</a> has released <a href="http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/download.d2w/report" style="color: blue; text-decoration: underline; text-underline: single">Fixpak 10a for DB2 v7.2</a> to fix this vulnerability.</h3>

 

CREDIT

 

Discovered by Application Security, Inc.