CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile: 98.1%
Added: 06/30/2009
CVE: CVE-2009-1628
BID: 35494
OSVDB: 55435
The Unisys Business Information Server is an information management solution which provides data access across an enterprise. It includes the **mnet.exe** program which listens for connections on ports 3985/TCP and 3986/TCP.
A buffer overflow vulnerability in **mnet.exe** allows remote attackers to execute arbitrary commands by sending a specially crafted request of type 0x16 to the server.
Install the patch.
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=808>
Exploit works on Unisys Business Information Server 10.1. Patch KB933729 must be installed on the target operating system in order for this exploit to succeed.
Windows Server 2003