Security Bulletin: Buffer overrun vulnerability when executing unspecified SQL statements in IBM Informix (CVE-2012-4857)
A malicious user who has (or manages to gain) access as an authenticated user and connects (either locally or remotely) to the Informix database server can cause a buffer overflow that crashes the Informix database server or allows arbitrary code to be executed within the Informix database server process.
Affected product(s) & Affected version(s):
All IBM Informix versions 11.50 prior to and including 11.50.xC9W2 – all platforms
All IBM Informix versions 11.70 prior to 11.70.xC7 – all platforms
This vulnerability affects only the following Informix products (informally known as "Informix Servers"):
IBM Informix Choice Edition
IBM Informix Developer Edition
IBM Informix Express Edition
IBM Informix Growth Edition
IBM Informix Growth Warehouse Edition
IBM Informix Innovator-C Edition
IBM Informix Ultimate Edition
IBM Informix Ultimate Warehouse Edition
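A version check against the ranges listed above, as an added example that is not part of IBM's bulletin. It assumes version strings in the usual `11.70.FC7` / `11.50.UC9W2` form (as shown in an `onstat -` banner), treats `W<n>` as an interim level above the base fix pack, and ignores any further suffix; the host names and banners are constructed sample data.

```python
import re

# Matches e.g. "11.70.FC7" or "11.50.UC9W2". The platform letter (the "x" in
# the bulletin's "xC9W2") is ignored because all platforms are affected.
_VER = re.compile(r"\b(\d+)\.(\d+)\.[A-Za-z]C(\d+)(?:W(\d+))?")

def parse_version(text):
    """Return (major, minor, fixpack, interim) or None if no version is found."""
    m = _VER.search(text)
    if not m:
        return None
    major, minor, fixpack, interim = m.groups()
    return (int(major), int(minor), int(fixpack), int(interim or 0))

def is_affected(text):
    """True/False for 11.50 and 11.70 per the bulletin's ranges.

    Returns None when the bulletin makes no statement: the release line is
    not 11.50 or 11.70, or the version string could not be parsed.
    """
    v = parse_version(text)
    if v is None:
        return None
    release, level = v[:2], v[2:]
    if release == (11, 50):
        return level <= (9, 2)   # prior to and including 11.50.xC9W2
    if release == (11, 70):
        return level < (7, 0)    # prior to 11.70.xC7
    return None

def audit(inventory):
    """Map each host to its is_affected() result."""
    return {host: is_affected(banner) for host, banner in inventory.items()}

# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "db-a": "IBM Informix Dynamic Server Version 11.50.UC9W2 -- On-Line --",
    "db-b": "IBM Informix Dynamic Server Version 11.70.FC5 -- On-Line --",
    "db-c": "IBM Informix Dynamic Server Version 11.70.FC7 -- On-Line --",
    "db-d": "IBM Informix Dynamic Server Version 12.10.FC1 -- On-Line --",
}

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        label = {True: "AFFECTED", False: "not in affected range", None: "not covered"}
        print(f"{host}: {label[result]}")
```

A `None` result means the bulletin says nothing about that release, not that the server is safe.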
Refer to the following reference URLs for remediation and additional vulnerability details.