ID CVE-2012-0549
Summary Unspecified vulnerability in the Oracle AutoVue Office component in Oracle Supply Chain Products Suite 20.1.1 allows remote attackers to affect confidentiality, integrity, and availability, related to Desktop API.
References
Vulnerable Configurations
  • Oracle Supply Chain Products Suite 20.1.1
    cpe:2.3:a:oracle:supply_chain_products_suite:20.1.1
CVSS
Base: 7.5 (as of 18-05-2016 - 10:32)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
exploit-db via4
description Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow. CVE-2012-0549. Remote exploit for windows platform
id EDB-ID:20297
last seen 2016-02-02
modified 2012-08-06
published 2012-08-06
reporter metasploit
source https://www.exploit-db.com/download/20297/
title Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow
metasploit via4
description This module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of a strcpy-like function in the SetMarkupMode method when handling a specially crafted sMarkup argument, allows triggering a stack-based buffer overflow, which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 needed for DEP and ASLR bypass).
id MSF:EXPLOIT/WINDOWS/BROWSER/ORACLE_AUTOVUE_SETMARKUPMODE
last seen 2019-03-11
modified 2017-10-05
published 2012-08-05
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb
title Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow
packetstorm via4
data source https://packetstormsecurity.com/files/download/115324/oracle_autovue_setmarkupmode.rb.txt
id PACKETSTORM:115324
last seen 2016-12-05
published 2012-08-07
reporter juan vazquez
source https://packetstormsecurity.com/files/115324/Oracle-AutoVue-ActiveX-Control-SetMarkupMode-Buffer-Overflow.html
title Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow
refmap via4
confirm http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
mandriva MDVSA-2013:150
sectrack 1026937
secunia 48875
saint via4
bid 53077
description Oracle AutoVue SetMarkupMode ActiveX Overflow
osvdb 81439
title oracle_autovue_setmarkupmode_activex
type client
Last major update 18-05-2016 - 13:35
Published 03-05-2012 - 14:55
Last modified 06-12-2017 - 21:29