Vulnerability Description
The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Informix Dynamic Server | 11.70.xcn |
| Microsoft | Windows | All versions |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg21978598PatchVendor Advisory
- http://www.securitytracker.com/id/1035286
- http://zerodayinitiative.com/advisories/ZDI-16-208/
- http://zerodayinitiative.com/advisories/ZDI-16-209/
- http://zerodayinitiative.com/advisories/ZDI-16-210/
- http://www-01.ibm.com/support/docview.wss?uid=swg21978598PatchVendor Advisory
- http://www.securitytracker.com/id/1035286
- http://zerodayinitiative.com/advisories/ZDI-16-208/
- http://zerodayinitiative.com/advisories/ZDI-16-209/
- http://zerodayinitiative.com/advisories/ZDI-16-210/
FAQ
What is CVE-2016-0226?
CVE-2016-0226 is a vulnerability with a CVSS score of 7.8 (HIGH). The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local user...
How severe is CVE-2016-0226?
CVE-2016-0226 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-0226?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Informix Dynamic Server, Microsoft Windows.