Short Name |
HTTP:STC:ACTIVEX:EASYMAIL-LEAK |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Document Capture EasyMail ActiveX Control Information Disclosure |
Release Date |
2011/02/09 |
Update Number |
1862 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signatured detects attempts to exploit a known information disclosure vulnerability in the EasyMail ActiveX control included with Oracle Document Capture. It is due to improper validation of user input within the ImportBodyTextEx(), ImportBodyText() and ImportBodyTextAlternative() methods, allowing an attacker to read any file in the affected system. Remote unauthenticated attackers can exploit this by enticing target users to visit a malicious Web page.
Oracle Document Capture is prone to a remote information disclosure vulnerability. The vulnerability affects the EasyMail ActiveX Control and can be exploited to retrieve the contents of arbitrary files. This vulnerability affects the following supported versions: 10.1.3.4, 10.1.3.5