Vulnerability Details CVE-2014-9264
Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.043
EPSS Ranking 88.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.zerodayinitiative.com/advisories/ZDI-14-412/
- http://www.zerodayinitiative.com/advisories/ZDI-14-413/
- http://www.zerodayinitiative.com/advisories/ZDI-14-414/
- http://www.zerodayinitiative.com/advisories/ZDI-14-415/
- http://www.zerodayinitiative.com/advisories/ZDI-14-412/
- http://www.zerodayinitiative.com/advisories/ZDI-14-413/
- http://www.zerodayinitiative.com/advisories/ZDI-14-414/
- http://www.zerodayinitiative.com/advisories/ZDI-14-415/
Products affected by CVE-2014-9264
-
cpe:2.3:a:sap:sql_anywhere:-
-
cpe:2.3:a:sap:sql_anywhere:11.0
-
cpe:2.3:a:sap:sql_anywhere:16.0
-
cpe:2.3:a:sap:sql_anywhere:17.0