ID CVE-2009-1011
Summary Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:application_server:8.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_server:8.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_server:8.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_server:8.3.0:*:*:*:*:*:*:*
CVSS
Base: 4.4 (as of 14-01-2014 - 03:46)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 34461
cert TA09-105A
confirm
idefense 20090515 Multiple Vendor Outside In Multiple Integer Overflow Vulnerabilities
osvdb 53750
sectrack 1022055
secunia 34693
Last major update 14-01-2014 - 03:46
Published 15-04-2009 - 10:30
Back to Top