Added: 05/09/2008
CVE: CVE-2008-0727
BID: 28198
OSVDB: 42701
Informix Dynamic Server is a database solution from IBM. The **oninit.exe**
process listens for connections on port 1526/TCP.
The **oninit.exe**
process does not sufficiently check the length of command-line arguments passed to the **sqlexec**
program. This allows remote attackers to execute commands by specifying a long, specially crafted password argument.
Apply one of the updates referenced in ZDI-08-012.
<http://www.zerodayinitiative.com/advisories/ZDI-08-012/>
Exploit works on Informix Dynamic Server 10.00.TC3.
Windows