Описание
Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.
Ссылки
- Broken LinkExploitPatchVendor Advisory
- Mailing List
- Broken LinkVendor Advisory
- Broken Link
- Broken LinkThird Party AdvisoryVDB Entry
- Broken Link
- Broken LinkExploitPatchVendor Advisory
- Mailing List
- Broken LinkVendor Advisory
- Broken Link
- Broken LinkThird Party AdvisoryVDB Entry
- Broken Link
Уязвимые конфигурации
Конфигурация 1Версия до 3.23.50 (исключая)Версия от 4.0.0 (включая) до 4.0.2 (включая)
Одновременно
Одно из
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:*
EPSS
Процентиль: 29%
0.00103
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-120
Связанные уязвимости
CVSS3: 7.8
debian
почти 23 года назад
Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta ...
CVSS3: 7.8
github
больше 3 лет назад
Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.
EPSS
Процентиль: 29%
0.00103
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-120