CVEブラウザに戻る

CVE-2008-0912

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1400%

EPSS Percentile0.68th

Published2008年2月22日

Last Modified2026年4月23日

Vulnerability Description

Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long (1) username, (2) version, or (3) remote ID. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

📦

Sybase

Mobilink

<= 10.0.1.3629

📦

Sybase

Sql Anywhere

= 10.0.1.3415

References & Advisories

🔗 http://aluigi.altervista.org/adv/mobilinkhof-adv.txt

🔗 http://secunia.com/advisories/29045

🔗 http://securityreason.com/securityalert/3691

🔗 http://www.securityfocus.com/archive/1/488409/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/490259/100/0/threaded

🔗 http://www.securityfocus.com/bid/27914

🔗 http://www.securitytracker.com/id?1019469

🔗 http://www.vupen.com/english/advisories/2008/0626

関連する脆弱性情報

CVE-2016-103104.9

Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authent...

CVE-2008-034310.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has u...

CVE-2008-073510.0

SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL c...

CVE-2008-034410.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote a...