Application Security discovered that a stack-overflow vulnerability in DB2 Universal Database 7.2 for Windows can result in the execution of arbitrary code on the vulnerable server. To exploit this vulnerability, an attacker can issue a carefully crafted Invoke command. IBM has released Fixpak 10a for DB2 7.2 to fix this vulnerability.<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

   http://secadministrator.com/articles/index.cfm?articleid=40647