Zero Day Initiative Advisory 10-218 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2. Authentication is required in that a user must have the ability to connect to the database. The specific flaw exists within the install_jar procedure. The install_jar procedure contains a directory traversal vulnerability that will allow the attacker to upload a Jar file to a directory outside of the intended "\\function\\jar\\Name_of_logged_user\\" directory. A remote attacker can abuse this to execute arbitrary code under the context of the SYSTEM user.
5746e9b76aebd61cf601b1304414d7ffae5b6db71a1eb9f2d8215c67cd0c76ec