CVE-2009-1291
TIBCO SmartSockets <6.8.2, RTworks <4.0.5, EMS 4.0.0-5.1.1 Stack Overflow via Inbound Data
Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via "inbound data," as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd.
References (12)
Core References
Vendor Advisory (x_refsource_confirm): http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt
Patch, Vendor Advisory (x_refsource_confirm): http://www.tibco.com/services/support/advisories/default.jsp
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://securitytracker.com/id?1022129
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/34754
Vendor Advisory (x_refsource_confirm): http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt
Third Party Advisory (third-party-advisory, x_refsource_idefense): http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/50214
Vendor Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2009/1198
Various Sources (x_refsource_misc): http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html
Vendor Advisory (x_refsource_confirm): http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/34911
Vendor Advisory (x_refsource_confirm): http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt
Scores
EPSS: 0.3114
EPSS Percentile: 96.8%
Details
CWE: CWE-119
Status: published
Products (13)
tibco/enterprise_message_service 4.0.0
tibco/enterprise_message_service 4.1.0
tibco/enterprise_message_service 4.2.0
tibco/enterprise_message_service 4.3.0
tibco/enterprise_message_service 4.4.1
tibco/enterprise_message_service 4.4.2
tibco/enterprise_message_service < 5.1.1
tibco/rtworks 4.0.3
tibco/rtworks 4.0.4
tibco/smartsockets 6.8.0
... and 3 more
Published: Apr 30, 2009
Tracked Since: Feb 18, 2026