Informix Dynamic Server is a database solution from IBM. It includes a portmapper service which listens for connections on port 36890/TCP and uses librpc.dll.
A buffer overflow vulnerability in librpc.dll allows remote attackers to execute arbitrary commands by sending a request containing an invalid credentials length parameter to the portmapper service.
Upgrade to version 10.00.TC9, 10.00.TC10, 11.10.TC3, or 11.10.TC4 or higher.
Exploit works on Informix Dynamic Server 11.10.TC1 on Windows Server 2003 SP2 with security updates KB956802 and KB956572 installed and DEP disabled.
Windows Server 2003