ID CVE-2013-0418
Summary Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information was obtained from the January 2013 CPU. Oracle has not commented on claims from an independent researcher that this is a heap-based buffer overflow in the Paradox database stream filter (vspdx.dll) that can be triggered using a table header with a crafted "number of fields" value. Per: http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html#AppendixFMW '2. Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.'
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:exchange_server:2007:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:exchange_server:2010:sp2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware:8.3.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware:8.4:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 12-10-2018 - 22:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
oval via4
accepted 2013-03-25T04:00:20.513-04:00
class vulnerability
contributors
name SecPod Team
organization SecPod Technologies
definition_extensions
  • comment Microsoft Exchange Server 2007 SP3 is installed
    oval oval:org.mitre.oval:def:15784
  • comment Microsoft Exchange Server 2010 SP2 is installed
    oval oval:org.mitre.oval:def:14151
description Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information was obtained from the January 2013 CPU. Oracle has not commented on claims from an independent researcher that this is a heap-based buffer overflow in the Paradox database stream filter (vspdx.dll) that can be triggered using a table header with a crafted "number of fields" value.
family windows
id oval:org.mitre.oval:def:16251
status accepted
submitted 2013-02-15T15:20:54
title Vulnerability in Microsoft Exchange Server Could Allow Remote Code Execution - CVE-2013-0418 - MS13-012
version 6
refmap via4
bugtraq 20130117 Secunia Research: Oracle Outside In Technology Paradox Database Handling Buffer Overflow
cert TA13-043B
confirm
mandriva MDVSA-2013:150
ms MS13-012
Last major update 12-10-2018 - 22:03
Published 17-01-2013 - 01:55