SAP SQL Anywhere .NET Data Provider Code Execution Vulnerabilities

2014-12-10T00:00:00
ID 1337DAY-ID-22991
Type zdt
Reporter John Leitch
Modified 2014-12-10T00:00:00

Description

These vulnerabilities allow attackers to execute arbitrary code in applications that pass user-provided data to the vulnerable API in SAP SQL Anywhere.

One flaw exists within the handling of the REPLICATE function. If an application allows untrusted input to be used as the length of a REPLICATE function in a query, even if the input is correctly filtered against SQL injection, an attacker could take advantage of an arithmetic truncation error to overflow a heap buffer and execute arbitrary code in the context of the application.

A second flaw exists within the handling of the SPACE function. If an application allows untrusted input to be used as the length of a SPACE function in a query, even if the input is correctly filtered against SQL injection, an attacker could take advantage of an arithmetic truncation error to overflow a heap buffer and execute arbitrary code in the context of the application.
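Because the description says SQL injection filtering does not help, the length value itself has to be bounded before it reaches a REPLICATE or SPACE call. The following C# is an added example, not code from the advisory or from SAP; the `PaddingLength` class, its `MaxLength` limit of 255 and the use of `?` positional placeholders are assumptions.

```csharp
using System;
using System.Data;
using System.Globalization;

public static class PaddingLength
{
    // Assumed application limit. The advisory does not state the length at
    // which the truncation occurs, so use the smallest value the feature needs.
    public const int MaxLength = 255;

    // Strictly parse an untrusted length: ASCII digits only (no sign,
    // whitespace or separators) and within [0, MaxLength].
    public static bool TryParse(string untrusted, out int length)
    {
        length = 0;
        if (string.IsNullOrEmpty(untrusted) || untrusted.Length > 5)
            return false;               // 5 digits cannot overflow an int
        foreach (char c in untrusted)
            if (c < '0' || c > '9')
                return false;
        int value = int.Parse(untrusted, NumberStyles.None,
                              CultureInfo.InvariantCulture);
        if (value > MaxLength)
            return false;
        length = value;
        return true;
    }

    // Builds the command only after the bound check. Binding the value as a
    // typed parameter stops SQL injection but does not limit its magnitude,
    // which is why the range check is still required.
    public static IDbCommand BuildReplicate(IDbConnection conn, string text,
                                            string untrustedLength)
    {
        if (!TryParse(untrustedLength, out int length))
            throw new ArgumentOutOfRangeException(nameof(untrustedLength));

        IDbCommand cmd = conn.CreateCommand();
        cmd.CommandText = "SELECT REPLICATE(?, ?)";   // assumed placeholder style
        IDbDataParameter pText = cmd.CreateParameter();
        pText.DbType = DbType.String;
        pText.Value = text;
        cmd.Parameters.Add(pText);
        IDbDataParameter pLen = cmd.CreateParameter();
        pLen.DbType = DbType.Int32;
        pLen.Value = length;
        cmd.Parameters.Add(pLen);
        return cmd;
    }
}
```

The same `TryParse` check applies unchanged to a length passed to SPACE.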
