CVE-2001-1127

Progress Database 8.3D and 9.1C - Buffer Overflow via Multiple Executables

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2001-1127. PoCs published by kf.

AI-analyzed exploit summary This exploit targets a buffer overflow in the Progress Database's sqlcpp program, allowing arbitrary code execution via a crafted environment variable and command-line argument. The shellcode spawns a /bin/sh shell.

Description

Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.

Exploits (2)

exploitdb WORKING POC VERIFIED

by kf · clocalmultiple

https://www.exploit-db.com/exploits/21359

View Code ZIP pw:eip

This exploit targets a buffer overflow in the Progress Database's sqlcpp program, allowing arbitrary code execution via a crafted environment variable and command-line argument. The shellcode spawns a /bin/sh shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Progress Database sqlcpp (version unspecified)

No auth needed

Prerequisites: Access to the target system · sqlcpp binary present in /usr/dlc/bin/

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by kf · textlocalmultiple

https://www.exploit-db.com/exploits/21117

View Code ZIP pw:eip

The provided text describes a local buffer overflow vulnerability in Progress Database programs due to insufficient bounds checking in strcpy functions. This could allow arbitrary code execution with elevated privileges, potentially leading to root access.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Progress Database (version not specified)

No auth needed

Prerequisites: Local access to the system · Presence of vulnerable Progress Database programs

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/218833

Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/3404

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/7236

Scores

EPSS 0.0237

EPSS Percentile 81.6%

Details

Status published

Products (2)

progress/progress 8.3d

progress/progress 9.1c

Published Oct 05, 2001

Tracked Since Feb 18, 2026