CVE-2016-0226

The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file.

Published: Mar 29, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-0226
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-284

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
ibm / informix_dynamic_server	11.70.xcn	11.70.xcn.x

http://www-01.ibm.com/support/docview.wss?uid=swg21978598
http://www.securitytracker.com/id/1035286
http://zerodayinitiative.com/advisories/ZDI-16-208/
http://zerodayinitiative.com/advisories/ZDI-16-209/
http://zerodayinitiative.com/advisories/ZDI-16-210/

Vulnerability Database

289,784

CVE-2016-0226