CVE-2016-0226
HIGHIBM Informix Dynamic Server 11.70.xCN - Privilege Escalation
Title source: llmDescription
The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file.
References (5)
Core 5
Core References
Third Party Advisory x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-16-210/
Third Party Advisory x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-16-209/
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21978598
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035286
Third Party Advisory x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-16-208/
Scores
CVSS v3
7.8
EPSS
0.0038
EPSS Percentile
29.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-284
Status
published
Products (1)
ibm/informix_dynamic_server
11.70.xcn
Published
Mar 28, 2016
Tracked Since
Feb 18, 2026