Advertisement






Oracle Outside-In DOCX File Parsing Memory Corruption

CVE Category Price Severity
CVE-2019-8626 CWE-119 Not specified High
Author Risk Exploitation Type Date
Ariele Caltum and Johnathan Azaria High Remote 2015-04-18
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2015040102

Below is a copy:

#####################################################################################
 
Title:   Oracle Outside-In DOCX File Parsing Memory Corruption
 
Platforms:   Windows
 
CVE:
 
Secunia:
 
{PRL}:   2015-04
 
Author:   Francis Provencher (Protek Research Labs)
 
Website:   http://www.protekresearchlab.com/
 
Twitter:   @ProtekResearch
 
#####################################################################################
 
1) Introduction
2) Report Timeline
3) Technical details
4) POC
 
#####################################################################################
 
===============
1) Introduction
===============
 
  
 
Oracle Outside In Technology provides software developers with a comprehensive solution to access, transform, and control the contents of over 500 unstructured file formats. From the latest office suites, such as Microsoft Office 2007, to specialty formats and legacy files, Outside In Technology provides software developers with the tools to transform unstructured files into controllable information.
 
(http://www.oracle.com/us/technologies/embedded/025613.htm)
 
#####################################################################################
 
============================
2) Report Timeline
============================
 
2015-02-17: Francis Provencher from Protek Research Labs found the issue;
2015-02-18: Oracle Security Alerts confirmed the issue;
2015-04-15: Oracle release a Patch for this issue.
 
#####################################################################################
 
============================
3) Technical details
============================
 
The vulnerability is caused due to a certain value in a document, which can be exploited to corrupt memory via a specially crafted document.
 
Successful exploitation may allow execution of arbitrary code.
 
#####################################################################################
 
===========
 
4) POC
 
===========
 
http://protekresearchlab.com/exploits/PRL-2015-04.docx




Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.