CVE-2009-3691

IBM Informix Client SDK 3.0 and 3.50 - Remote Code Execution via Crafted .nfx File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3691. PoCs published by bruiser.

AI-analyzed exploit summary This exploit leverages an integer overflow in IBM Informix Client SDK 3.0's SetNet32 utility via a malformed .nfx file, leading to a stack-based buffer overflow and arbitrary code execution. The PoC includes shellcode for adding a user and carefully crafted SEH overwrites to bypass SafeSEH protections.

Description

Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field that triggers a stack-based buffer overflow involving a crafted HostList field. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by bruiser · phpremotewindows

https://www.exploit-db.com/exploits/10070

View Code ZIP pw:eip

This exploit leverages an integer overflow in IBM Informix Client SDK 3.0's SetNet32 utility via a malformed .nfx file, leading to a stack-based buffer overflow and arbitrary code execution. The PoC includes shellcode for adding a user and carefully crafted SEH overwrites to bypass SafeSEH protections.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: IBM Informix Client SDK 3.0, IBM Informix Connect Runtime 3.x

No auth needed

Prerequisites: Victim must open the malicious .nfx file · IBM Informix Client SDK 3.0 or vulnerable version installed

MITRE ATT&CK