فا

‫ Oracle Data Quality ActiveX Controls Multiple Vulnerabilities

ID: IRCAD2015043901
Release Date: 2015-04-23
Criticality level: Highly critical
Software:
Oracle Fusion Middleware 11g
Description:
Multiple vulnerabilities have been reported in Oracle Data Quality, which can be exploited by malicious people to compromise a user's system
1) A type confusion error in the "DataPreview()" method within the TSS12.LoaderWizard.lwctrl ActiveX control can be exploited to execute arbitrary code.
2) A use-after-free error in the onloadstatechange handler within the TSS12.DscXB.XB ActiveX control can be exploited to execute arbitrary code.
3) A type confusion error in the "SetEntities()" method within the TSS12.LoaderWizard.lwctrl ActiveX control can be exploited to execute arbitrary code.
4) An error related to DLL reference handling within the TSS12.LoaderWizard.lwctrl ActiveX control can be exploited to execute arbitrary code.
The vulnerabilities are reported in Oracle Data Quality version 11.1.1.3.0. Other versions may also be affected.
Solution
Please contact Oracle support for a fix.
References:
ZDI:
Secunia:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 9 خرداد 1394

امتیاز

امتیاز شما
تعداد امتیازها: 0