CVE-2010-3599 - Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.

CVE-2010-3599

Summary

Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control.

References

Vulnerable Configurations

cpe:2.3:a:oracle:fusion_middleware:10.1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware:10.1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware:10.1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware:10.1.3.5:*:*:*:*:*:*:*

CVSS

Base:	9.4 (as of 10-10-2018 - 20:04)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:C/A:C

refmap via4

bid	45856
bugtraq	20110125 [DSECRG-11-006] Oracle Document Capture ActiveX - Insecure method, buffer overflow
confirm	http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
misc	http://dsecrg.com/pages/vul/show.php?id=306
sectrack	1024981
secunia	42976
vupen	ADV-2011-0143
xf	oracle-document-importserver-unauth-access(64767)

Last major update

10-10-2018 - 20:04

Published

19-01-2011 - 16:00

Last modified

10-10-2018 - 20:04