Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 DB:ORACLE:FUSION-XLS-IO

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 DB

Keywords

 Oracle Fusion Middleware Outside In Excel File Parsing Integer Overflow

Release Date

 2012/09/07

Update Number

 2183

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

DB: Oracle Fusion Middleware Outside In Excel File Parsing Integer Overflow


An integer overflow vulnerability exists in Oracle Outside In. The vulnerability is due to improper parsing of Excel files. When handling TxO records the code improperly wraps an integer value. This will result in an integer overflow causing a heap-based buffer overflow. A remote unauthenticated attacker can exploit this vulnerability by causing an application that uses the vulnerable library to handle a malformed Excel file. Depending on the application, user interaction may be required. Successful exploitation can result in arbitrary code execution in the context of the affected application.

References

  • URL: http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out