Signature Detail
Short Name |
HTTP:STC:ACTIVEX:EASYMAIL-LEAK |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Document Capture EasyMail ActiveX Control Information Disclosure |
Release Date |
2011/02/09 |
Update Number |
1862 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Oracle Document Capture EasyMail ActiveX Control Information Disclosure
This signatured detects attempts to exploit a known information disclosure vulnerability in the EasyMail ActiveX control included with Oracle Document Capture. It is due to improper validation of user input within the ImportBodyTextEx(), ImportBodyText() and ImportBodyTextAlternative() methods, allowing an attacker to read any file in the affected system. Remote unauthenticated attackers can exploit this by enticing target users to visit a malicious Web page.
Extended Description
Oracle Document Capture is prone to a remote information disclosure vulnerability. The vulnerability affects the EasyMail ActiveX Control and can be exploited to retrieve the contents of arbitrary files. This vulnerability affects the following supported versions: 10.1.3.4, 10.1.3.5
Affected Products
- Oracle Document Capture 10.1.3.4
- Oracle Document Capture 10.1.3.5.0
References
- BugTraq: 45849
- CVE: CVE-2010-3595