CVE-2007-5243

InterBase 8.0.0.53-8.1.0.253 & WI 5.1.1.680-8.1.0.257 - Remote Code Execution via Stack Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 21 public exploits for CVE-2007-5243. PoCs published by Metasploit, Adriano Lima, Ramon de C Valle, including Metasploit module exploits/windows/misc/ib_isc_attach_database.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in Firebird/InterBase via a malformed service attach request (opcode 82). It targets specific versions (WI-V1.5.3.4870, WI-V1.5.4.4910) by overflowing a buffer with a crafted payload, leading to arbitrary code execution.

Description

Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 through 8.1.0.253, and WI 5.1.1.680 through 8.1.0.257, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the (a) SVC_attach or (b) INET_connect function, (2) a long create request on TCP port 3050 to the (c) isc_create_database or (d) jrd8_create_database function, (3) a long attach request on TCP port 3050 to the (e) isc_attach_database or (f) PWD_db_aliased function, or unspecified vectors involving the (4) jrd8_attach_database or (5) expand_filename2 function.

Exploits (21)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16420

This Metasploit module exploits a stack buffer overflow in Firebird/InterBase via a malformed service attach request (opcode 82). It targets specific versions (WI-V1.5.3.4870, WI-V1.5.4.4910) by overflowing a buffer with a crafted payload, leading to arbitrary code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Firebird/InterBase WI-V1.5.3.4870, WI-V1.5.4.4910
No auth needed
Prerequisites: Network access to Firebird/InterBase port 3050 · Vulnerable version of Firebird/InterBase
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16432

This exploit targets a stack buffer overflow in Borland InterBase's isc_create_database() function by sending a crafted create request. It includes a payload delivery mechanism and brute-force targeting for different versions.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Borland InterBase / Firebird WI-V2.0.0.12748, WI-V2.0.1.12855
Auth required
Prerequisites: Network access to target port (3050) · Valid credentials (SYSDBA/masterkey)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16440

This exploit targets a stack buffer overflow in Borland InterBase's isc_attach_database() function by sending a crafted create request. It includes a payload delivery mechanism and is designed for remote code execution on Windows systems.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Firebird Relational Database (WI-V2.0.0.12748, WI-V2.0.1.12855)
Auth required
Prerequisites: Network access to the target's Firebird database port (3050) · Valid credentials (SYSDBA/masterkey by default)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16449

This Metasploit module exploits a stack buffer overflow in Borland InterBase via a crafted service attach request. It targets multiple versions of InterBase and delivers a payload to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Borland InterBase (multiple versions)
No auth needed
Prerequisites: Network access to the target's InterBase service (port 3050)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16437

This Metasploit module exploits a stack buffer overflow in Borland InterBase via a crafted `isc_create_database()` request. It targets multiple versions with specific return addresses and payload constraints.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Borland InterBase (multiple versions including WI-V8.1.0.257, WI-V8.0.0.123, etc.)
No auth needed
Prerequisites: Network access to target's InterBase port (default 3050) · Vulnerable InterBase version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16447

This is a Metasploit module exploiting a stack buffer overflow in Borland InterBase via a crafted attach request. It targets multiple versions of InterBase and delivers a payload for remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Borland InterBase (multiple versions)
No auth needed
Prerequisites: Network access to the target's InterBase port (default 3050)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/16839

This exploit targets a stack buffer overflow in Borland InterBase by sending a crafted attach request. It leverages a known return address to execute arbitrary payloads, achieving remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Borland InterBase LI-V8.0.0.53, LI-V8.0.0.54, LI-V8.1.0.253
No auth needed
Prerequisites: Network access to the target's InterBase service (port 3050)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/16843

This exploit targets a stack buffer overflow in Borland InterBase via a crafted create request. It sends a malicious payload to trigger remote code execution on vulnerable versions.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Borland InterBase LI-V8.0.0.53, LI-V8.0.0.54, LI-V8.1.0.253
No auth needed
Prerequisites: Network access to target on port 3050 · Vulnerable InterBase version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/16844

This exploit targets a stack buffer overflow in Borland InterBase's INET_connect() function by sending a crafted service attach request. It leverages a return address overwrite to execute arbitrary payloads, achieving remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Borland InterBase LI-V8.0.0.53, LI-V8.0.0.54, LI-V8.1.0.253
No auth needed
Prerequisites: Network access to target's InterBase service (port 3050)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Adriano Lima · rubyremotelinux
https://www.exploit-db.com/exploits/10020

This exploit targets a stack-based buffer overflow in Borland InterBase's jrd8_create_database() function via a crafted create request. It delivers a payload to achieve remote code execution on vulnerable Linux systems.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Borland InterBase LI-V8.0.0.53, LI-V8.0.0.54, LI-V8.1.0.253
No auth needed
Prerequisites: Network access to target's InterBase port (3050)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Adriano Lima · rubyremotelinux
https://www.exploit-db.com/exploits/10021

This exploit targets a stack overflow vulnerability in Borland InterBase's INET_connect() function by sending a maliciously crafted service attach request. It includes a payload delivery mechanism for remote code execution on Linux systems.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Borland InterBase LI-V8.0.0.53, LI-V8.0.0.54, LI-V8.1.0.253
No auth needed
Prerequisites: Network access to the target's InterBase service (port 3050)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Adriano Lima · rubyremotelinux
https://www.exploit-db.com/exploits/9954

This exploit targets a stack-based buffer overflow in Borland InterBase via a crafted attach request. It leverages a known return address to execute arbitrary payloads, achieving remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Borland InterBase LI-V8.0.0.53, LI-V8.0.0.54, LI-V8.1.0.253
No auth needed
Prerequisites: Network access to target port 3050 · Vulnerable InterBase version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by Ramon de C Valle · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/ib_isc_attach_database.rb

This Metasploit module exploits a stack buffer overflow in Borland InterBase's `isc_attach_database()` function by sending a crafted attach request with a malformed length field, leading to remote code execution on vulnerable versions.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Borland InterBase (versions WI-V5.1.1.680 to WI-V8.1.0.257)
No auth needed
Prerequisites: Network access to the InterBase server (default port 3050) · Vulnerable InterBase version
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC GOOD
by Ramon de C Valle · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/ib_isc_create_database.rb

This Metasploit module exploits a stack buffer overflow in Borland InterBase's `isc_create_database()` function by sending a crafted create request. It includes multiple targets for different InterBase versions and uses a brute-force approach to trigger the vulnerability.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Borland InterBase (multiple versions including WI-V8.1.0.257, WI-V8.0.0.123, etc.)
No auth needed
Prerequisites: Network access to the InterBase service (default port 3050)
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Ramon de C Valle · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_svc_attach.rb

This Metasploit module exploits a stack buffer overflow in Borland InterBase's SVC_attach() function by sending a crafted service attach request. It includes payload handling, target-specific return addresses, and brute-force capabilities.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Firebird Relational Database (WI-V1.5.3.4870, WI-V1.5.4.4910)
No auth needed
Prerequisites: Network access to target port 3050 · Vulnerable Firebird version
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Ramon de C Valle · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_isc_attach_database.rb

This Metasploit module exploits a stack buffer overflow in Borland InterBase's isc_attach_database() function by sending a crafted create request with a malicious payload. It targets Firebird WI-V2.0.0.12748 and WI-V2.0.1.12855, leveraging a known return address to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Borland InterBase / Firebird WI-V2.0.0.12748, WI-V2.0.1.12855
Auth required
Prerequisites: Network access to the target's InterBase/Firebird port (3050) · Valid credentials (SYSDBA/masterkey by default)
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Ramon de C Valle · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_isc_create_database.rb

This Metasploit module exploits a stack buffer overflow in Borland InterBase's `isc_create_database()` function by sending a crafted create request with a malformed length field and embedded payload. It targets Firebird WI-V2.0.0.12748 and WI-V2.0.1.12855, leveraging a hardcoded return address to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Firebird WI-V2.0.0.12748, WI-V2.0.1.12855
Auth required
Prerequisites: Network access to Firebird server (port 3050) · Valid SYSDBA credentials (default: 'masterkey')
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC GOOD
by Ramon de C Valle · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/ib_svc_attach.rb

This Metasploit module exploits a stack buffer overflow in Borland InterBase's SVC_attach() function by sending a crafted service attach request with a maliciously long payload. It includes multiple targets for different InterBase versions and leverages return addresses to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Borland InterBase (multiple versions including WI-V8.1.0.257, WI-V8.0.0.123, etc.)
No auth needed
Prerequisites: Network access to the target's InterBase service (default port 3050)
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC GOOD
by Ramon de C Valle · rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/ib_pwd_db_aliased.rb

This Metasploit module exploits a stack buffer overflow in Borland InterBase by sending a crafted attach request to trigger remote code execution. It targets specific versions of InterBase and uses a known return address for reliable exploitation.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Borland InterBase LI-V8.0.0.53, LI-V8.0.0.54, LI-V8.1.0.253
No auth needed
Prerequisites: Network access to the target's InterBase port (3050)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by Ramon de C Valle · rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/ib_inet_connect.rb

This Metasploit module exploits a stack buffer overflow in Borland InterBase via a crafted service attach request. It targets specific versions of InterBase on Linux, using a return address to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Borland InterBase LI-V8.0.0.53, LI-V8.0.0.54, LI-V8.1.0.253
No auth needed
Prerequisites: Network access to target port 3050 · Vulnerable InterBase version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by Ramon de C Valle · rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/ib_jrd8_create_database.rb

This Metasploit module exploits a stack buffer overflow in Borland InterBase by sending a crafted create request to trigger remote code execution. It targets specific versions of InterBase and uses a known return address to redirect execution to the payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Borland InterBase LI-V8.0.0.53, LI-V8.0.0.54, LI-V8.1.0.253
No auth needed
Prerequisites: Network access to the target's InterBase service (port 3050)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (18)

Core 18
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25917
Various Sources x_refsource_misc
http://risesecurity.org/blog/entry/3/
Exploit x_refsource_misc
http://risesecurity.org/exploit/9/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36956
Exploit x_refsource_misc
http://risesecurity.org/exploit/15/
Exploit x_refsource_misc
http://risesecurity.org/exploit/14/
Various Sources x_refsource_misc
http://risesecurity.org/exploit/10/
Various Sources x_refsource_misc
http://risesecurity.org/exploit/13/
Various Sources x_refsource_misc
http://risesecurity.org/exploit/12/
Vendor Advisory x_refsource_misc
http://risesecurity.org/advisory/RISE-2007002/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018772
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38607
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38609
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3381
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38606
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38608
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27058
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/38605

Scores

EPSS 0.4006
EPSS Percentile 98.5%

Details

CWE
CWE-119
Status published
Products (17)
borland_software/interbase li_8.0.0.53
borland_software/interbase li_8.0.0.54
borland_software/interbase li_8.0.0.253
borland_software/interbase wi-o6.0.1.6
borland_software/interbase wi-o6.0.2.0
borland_software/interbase wi-v5.1.1.680
borland_software/interbase wi-v5.5.0.742
borland_software/interbase wi-v6.0.0.627
borland_software/interbase wi-v6.0.1.0
borland_software/interbase wi-v6.0.1.6
... and 7 more
Published Oct 06, 2007
Tracked Since Feb 18, 2026