Description
Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by RevilloC MailServer; 5.2.0.2 as used by Borland Developer Studio 2006; and possibly other versions allows remote attackers to execute arbitrary code via a long SQL statement, related to use of the DbiQExec function.
Affected products
- borland_software / c++_builder – 5.x
- borland_software / c++_builder – 6.x
- borland_software / c++_builder – 2006
- borland_software / delphi – 5.x
- borland_software / delphi – 6.x
- borland_software / delphi – 7.x
- borland_software / delphi – 2006
- borland_software / developer_studio – 2006
- borland_software / idsql32.dll – 5.1.0.2
- borland_software / idsql32.dll – 5.1.0.4
- revilloc / mailserver
References
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/30583
- VENDOR_ADVISORY: http://secunia.com/advisories/22570
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2006/4763
- MISC: http://secunia.com/secunia_research/2006-70/advisory/
- MISC: http://www.securityfocus.com/bid/21342
- MISC: http://www.securityfocus.com/archive/1/453003/100/0/threaded