CVE-2005-2297

Sybase Easerver - Buffer Overflow

Title source: rule

Description

Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter.

Exploits (2)

metasploit WORKING POC NORMAL

by Unknown · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/sybase_easerver.rb

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16766

View Code ZIP pw:eip

References (5)

[Mailing List] http://marc.info/?l=bugtraq&m=112146180532313&w=2

[Patch, Vendor Advisory] http://www.spidynamics.com/spilabs/advisories/sybaseEAserverOverflow.htm

[Patch, Vendor Advisory] http://www.sybase.com/detail?id=1036742

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1014497

[Third Party Advisory] http://secunia.com/advisories/16108

Scores

EPSS 0.7153

EPSS Percentile 98.7%

Classification

Status draft

Affected Products (4)

sybase/easerver

Timeline

Published Jul 19, 2005

Tracked Since Feb 18, 2026