ID CVE-2011-2264
Summary Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows context-dependent attackers to affect confidentiality, integrity, and availability via unknown vectors related to Outside In Filters. NOTE: the previous information was obtained from the July 2011 CPU. Oracle has not commented on claims from a reliable third party that this is a stack-based buffer overflow in the imcdr2.flt library for the CorelDRAW parser.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:fusion_middleware:8.3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:fusion_middleware:8.3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware:8.3.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:fusion_middleware:8.3.5.0:*:*:*:*:*:*:*
CVSS
Base: 4.4 (as of 14-01-2014 - 04:09)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:P/A:P
refmap via4
cert TA11-201A
cert-vn VU#103425
confirm
saint via4
bid 48766
description Oracle Outside In CDR File Parser Stack Buffer Overflow
osvdb 73912
title oracle_outsidein_cdr_parsing_font_size
type client
Last major update 14-01-2014 - 04:09
Published 21-07-2011 - 00:55
Last modified 14-01-2014 - 04:09
Back to Top