ID CVE-2009-1011
Summary Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:application_server:8.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_server:8.3.0:*:*:*:*:*:*:*
CVSS
Base: 4.4 (as of 14-01-2014 - 03:46)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: LOCAL
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 34461
cert TA09-105A
confirm
idefense 20090515 Multiple Vendor Outside In Multiple Integer Overflow Vulnerabilities
osvdb 53750
sectrack 1022055
secunia 34693
Last major update 14-01-2014 - 03:46
Published 15-04-2009 - 10:30
Last modified 14-01-2014 - 03:46