Vulnerability Report

CVE-2008-0912

RCE

Title: Sybase Mobilink RCE

RCE

Proof Of Concept

PoC Available for CVE-2008-0912

CWE Category CWE-119

Published Date Feb 22, 2008

Modified Date Apr 09, 2025

Exploit Status Available

Score 10.0 CVSS v2.0

Exploit Probability (EPSS)

27.49%

Vulnerability Summary

CVE-2008-0912: Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long (1) username, (2) version, or (3) remote ID. NOTE: some of these details are obtained from third party information.

Impacted Vendors

sybase 2

Reference Links

http://aluigi.altervista.org/adv/mobilinkhof-adv.txt http://secunia.com/advisories/29045 http://securityreason.com/securityalert/3691 http://www.securityfocus.com/archive/1/488409/100/0/threaded http://www.securityfocus.com/archive/1/490259/100/0/threaded http://www.securityfocus.com/bid/27914 http://www.securitytracker.com/id?1019469 http://www.vupen.com/english/advisories/2008/0626 http://aluigi.altervista.org/adv/mobilinkhof-adv.txt http://secunia.com/advisories/29045 http://securityreason.com/securityalert/3691 http://www.securityfocus.com/archive/1/488409/100/0/threaded http://www.securityfocus.com/archive/1/490259/100/0/threaded http://www.securityfocus.com/bid/27914 http://www.securitytracker.com/id?1019469 http://www.vupen.com/english/advisories/2008/0626

CVSS v2.0

Source Entity [email protected]

Severity HIGH

10.0

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2008-0912 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/31271

View Code

April 09, 2025 MODIFIED

Vulnerability data or affected products updated.

February 22, 2008 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.