Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAbdulAziz Hariri of Insight TechnologiesZDI-10-032
HistoryMar 16, 2010 - 12:00 a.m.

SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability

2010-03-1600:00:00
AbdulAziz Hariri of Insight Technologies
www.zerodayinitiative.com
20

EPSS

0.352

Percentile

97.2%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP MaxDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the serv.exe process which listens by default on TCP port 7210. The process trusts a value from a handshake packet and uses it as a length when copying data to the stack. If provided a malicious value and packet data, this can be leveraged to execute arbitrary code under the context of the SYSTEM user.

Related

cvelist 1
ubuntucve 1
prion 1
exploitdb 1
cve 1
openvas 1
nvd 1
checkpoint_advisories 1
cvelist
cvelist
CVE-2010-1185
2010-03-29 22:00:00
ubuntucve
ubuntucve
CVE-2010-1185
2010-03-29 00:00:00
prion
prion
Stack overflow
2010-03-29 22:30:00
exploitdb
exploitdb
SAP MaxDB - Malformed Handshake Request Remote Code Execution
2010-03-26 00:00:00
cve
cve
CVE-2010-1185
2010-03-29 22:30:00
openvas
openvas
SAP MaxDB 'serv.exe' Unspecified RCE Vulnerability (1409425)
2010-03-17 00:00:00
nvd
nvd
CVE-2010-1185
2010-03-29 22:30:00
checkpoint_advisories
checkpoint_advisories
Packet Sanity (CVE-1999-0193; CVE-1999-0675; CVE-2000-0221; CVE-2002-1071; CVE-2003-1029; CVE-2004-0247; CVE-2004-1109; CVE-2007-1804; CVE-2007-3026; CVE-2008-7127; CVE-2010-1185; CVE-2011-0975; CVE-2012-6638; CVE-2014-3000)
2019-06-23 00:00:00

EPSS

0.352

Percentile

97.2%

JSON
Related for ZDI-10-032
cvelist1ubuntucve1prion1exploitdb1cve1openvas1nvd1checkpoint_advisories1