CVE-2011-0794 - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware

CVE-2011-0794

Summary

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK. NOTE: the previous information was obtained from the April 2011 CPU. Oracle has not commented on claims from a reliable third party that this issue is in (a) sccut.dll or (b) libsc_ut.so in Outside In 8.3.5.x through 8.3.5.5684, as used when using the CAB file identification functionality to parse OneNote (.onepkg) files and other formats.

References

Vulnerable Configurations

cpe:2.3:a:oracle:fusion_middleware:8.3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware:8.3.5.0:*:*:*:*:*:*:*

CVSS

Base:	4.4 (as of 25-05-2016 - 18:34)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	47437
cert-vn	VU#520721
cisco	20111026 Cisco Security Agent Remote Code Execution Vulnerabilities
confirm	http://www-01.ibm.com/support/docview.wss?uid=swg21660640 http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7009213&sliceId=1&docTypeID=DT_TID_1_1&dialogID=268451045&stateId=0%200%20268449309 http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
secunia	44295

Last major update

25-05-2016 - 18:34

Published

20-04-2011 - 03:14

Last modified

25-05-2016 - 18:34