CyberSec.Space Logo
Back to CVE Browser

CVE-2007-3676

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1040%
EPSS Percentile0.15th
PublishedFeb 13, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698.

Affected Platforms (CPE)

πŸ“¦
Ibm

Db2

<= 8.0
πŸ“¦
Ibm

Db2

<= 9.0

References & Advisories

πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=654
πŸ”— http://securitytracker.com/id?1019318
πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=654
πŸ”— http://securitytracker.com/id?1019318

Related Vulnerabilities

CVE-2007-258210.0

Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) ...

CVE-2005-486510.0

Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.

CVE-2005-041710.0

Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to t...

CVE-2007-605110.0

IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has un...