Unrated severityNVD Advisory· Published Apr 30, 2009· Updated Apr 23, 2026

CVE-2009-1291

Description

Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via "inbound data," as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd.

Affected products

TIBCO Software/Enterprise Message Service7 versions
cpe:2.3:a:tibco:enterprise_message_service:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:tibco:enterprise_message_service:*:*:*:*:*:*:*:*range: <=5.1.1
- cpe:2.3:a:tibco:enterprise_message_service:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:enterprise_message_service:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:enterprise_message_service:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:enterprise_message_service:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:enterprise_message_service:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:enterprise_message_service:4.4.2:*:*:*:*:*:*:*
TIBCO Software/Rtworks2 versions
cpe:2.3:a:tibco:rtworks:4.0.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:tibco:rtworks:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:rtworks:4.0.4:*:*:*:*:*:*:*
TIBCO Software/Smartsockets2 versions
cpe:2.3:a:tibco:smartsockets:6.8.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:tibco:smartsockets:6.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:smartsockets:6.8.1:*:*:*:*:*:*:*
TIBCO Software/Smartsockets Rtserver2 versions
cpe:2.3:a:tibco:smartsockets_rtserver:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:tibco:smartsockets_rtserver:*:*:*:*:*:*:*:*range: <=6.8.1
- cpe:2.3:a:tibco:smartsockets_rtserver:6.8.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.tibco.com/services/support/advisories/default.jspnvdPatchVendor Advisory
secunia.com/advisories/34911nvdVendor Advisory
www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txtnvdVendor Advisory
www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txtnvdVendor Advisory
www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txtnvdVendor Advisory
www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jspnvdVendor Advisory
www.vupen.com/english/advisories/2009/1198nvdVendor Advisory
labs.idefense.com/intelligence/vulnerabilities/display.phpnvd
securitytracker.com/idnvd
www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.htmlnvd
www.securityfocus.com/bid/34754nvd
exchange.xforce.ibmcloud.com/vulnerabilities/50214nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.025
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000