Signature Detail
Short Name |
HTTP:ORACLE:OUTSIDE-IN-MSACCESS |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Outside In Microsoft Access 1.x Parser Buffer Overflow |
Release Date |
2013/12/18 |
Update Number |
2328 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Oracle Outside In Microsoft Access 1.x Parser Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the Oracle Outside-In Microsoft Access 1.x database files (.mdb) Parser. A successful attack can lead to arbitrary code execution.
Extended Description
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to a stack-based buffer overflow in the Microsoft Access 1.x parser in vsacs.dll before 8.4.0.108 and before 8.4.1.52, and that attackers might be able to execute arbitrary code.
Affected Products
- oracle fusion_middleware 8.4
- oracle fusion_middleware 8.4.1
References
- BugTraq: 63076
- CVE: CVE-2013-5791