CVE-2011-0794

2011-04-2003:14:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

oracle

outside in

technology

vulnerability

confidentiality

integrity

availability

fusion middleware

cve-2011-0794

nvd

5.4 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

25.1%

JSON

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK. NOTE: the previous information was obtained from the April 2011 CPU. Oracle has not commented on claims from a reliable third party that this issue is in (a) sccut.dll or (b) libsc_ut.so in Outside In 8.3.5.x through 8.3.5.5684, as used when using the CAB file identification functionality to parse OneNote (.onepkg) files and other formats.

CPENameOperatorVersion
oracle:fusion_middlewareoracle fusion middlewareeq8.3.5.0

CPE	Name	Operator	Version
oracle:fusion_middleware	oracle fusion middleware	eq	8.3.5.0

References

secunia.com/advisories/44295

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa

www-01.ibm.com/support/docview.wss?uid=swg21660640

www.kb.cert.org/vuls/id/520721

www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7009213&sliceId=1&docTypeID=DT_TID_1_1&dialogID=268451045&stateId=0%200%20268449309

www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

www.securityfocus.com/bid/47437