CVE-2008-0912

Sybase MobiLink < 10.0.1.3629 - Remote Code Execution via Long Username, Version, or Remote ID

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0912. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The provided text describes a heap-based buffer overflow vulnerability in Sybase MobiLink 10.0.1.3629, allowing remote code execution or denial-of-service. It references ExploitDB and a GitLab link for the exploit binary but contains no actual exploit code.

Description

Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long (1) username, (2) version, or (3) remote ID. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textdosmultiple

https://www.exploit-db.com/exploits/31271

View Code ZIP pw:eip

The provided text describes a heap-based buffer overflow vulnerability in Sybase MobiLink 10.0.1.3629, allowing remote code execution or denial-of-service. It references ExploitDB and a GitLab link for the exploit binary but contains no actual exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Sybase MobiLink 10.0.1.3629

No auth needed

Prerequisites: Network access to the vulnerable Sybase MobiLink service

MITRE ATT&CK