CVE-2011-2475 — HIGH (10.0)

Vulnerability Description

Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows remote attackers to execute arbitrary code via format string specifiers in unspecified string fields, related to authentication logging.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Sybase	Onebridge Mobile Data Suite	5.5

Related Weaknesses (CWE)

CWE-134

References

http://www.sybase.com/detail?id=1092074Vendor Advisory
http://zerodayinitiative.com/advisories/ZDI-11-171/
http://www.sybase.com/detail?id=1092074Vendor Advisory
http://zerodayinitiative.com/advisories/ZDI-11-171/

FAQ

What is CVE-2011-2475?

CVE-2011-2475 is a vulnerability with a CVSS score of 10.0 (HIGH). Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows remote at...

How severe is CVE-2011-2475?

CVE-2011-2475 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-2475?

Check the references section above for vendor advisories and patch information. Affected products include: Sybase Onebridge Mobile Data Suite.