Executive Summary
Summary | |
---|---|
Title | Oracle Outside In contains exploitable vulnerabilities in Lotus 123 and Microsoft CAB file parsers |
Information | |||
---|---|---|---|
Name | VU#520721 | First vendor Publication | 2011-04-19 |
Vendor | VU-CERT | Last vendor Modification | 2011-09-01 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.4 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 3.4 | Authentication | None Required |
Detail
Vulnerability Note VU#520721
Oracle Outside In contains exploitable vulnerabilities in Lotus 123 and Microsoft CAB file parsers
Overview
Oracle Outside In contains exploitable vulnerabilities in Lotus 123 and Microsoft CAB file parsers, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
I. Description
Oracle Outside In is a set of libraries that can decode over 500 different file formats. Originally written by Stellent, Outside In is now part of Oracle. The Oracle Outside In libraries are used by a variety of applications, including Oracle Fusion Middleware, Guidance Encase Forensics, AccessData FTK, and Novell Groupwise.
Outside In fails to properly handle Lotus 123 and Microsoft CAB file data, which are handled on the Windows platform by the libraries vswk6.dll and sccut.dll, respectively. The Linux version of Outside In uses libvs_wk6.so and libsc_ut.so. Other supported platforms may use different file names.
The CAB file parser may be used when handling a variety of file formats, including Microsoft OneNote (.onepkg).
These vulnerabilities are addressed in the Oracle Fusion Middleware Critical Patch Update April 2011. This update provides updated libraries with versions 8.3.5.5927 and 8.3.2.5927, for the Outside In 8.3.5 and 8.3.2 product lines, respectively. Please see Oracle Support Note 1291877.1 (valid Oracle CSI# required) for more details.
If you are using an application that uses Outside In, please check with that application's vendor for updates.
If updates for your application are not yet available, or if you wish to mitigate other vulnerabilities in Outside In, please consider the following workarounds:
References
http://www.kb.cert.org/vuls/id/103425
These vulnerabilities were reported by Will Dormann of the CERT/CC. This document was written by Will Dormann.
Original Source
Url : http://www.kb.cert.org/vuls/id/520721 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
71970 | Oracle Outside In Technology Outside In Filters Unspecified Local DoS Oracle Outside In Technology contains a flaw related to the Outside In Filters component that may allow a local attacker to cause a denial of service via vectors related to the vswk6.dll and sccut.dll modules handling of Microsoft CAB or .onepkg files. No further details have been provided. |
71969 | Oracle Outside In Technology Outside In File ID SDK Unspecified Local DoS Oracle Outside In Technology contains a flaw related to the Outside In File ID SDK component that may allow a local attacker to cause a denial of service via vectors related to the vswk6.dll and sccut.dll modules handling of Lotus 123 files. No further details have been provided. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-10-07 | Name : An archiving application installed on the remote host has multiple vulnerabil... File : symantec_enterprise_vault_sym11-011.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:07:54 | |
2013-05-11 00:57:10 | |