Jun 17, 2018 - 11:49 a.m.

Security Bulletin: Vulnerabilities in Content Classification due to security vulnerabilities in Oracle Outside In Technology and Oracle Java Development Kits

2018-06-17 11:49:58
www.ibm.com

CVSS2: 10 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary

Security vulnerabilities in Oracle Outside In Technology and Oracle Java Development Kits (JDKs) can affect the security of IBM Content Classification, also known as IBM InfoSphere Classification Module.

Vulnerability Details

CVE ID: CVE-2013-5791

DESCRIPTION:
The Oracle Outside In Microsoft Access 1.x database file parser is vulnerable to a stack-based buffer overflow. A remote attacker could exploit this vulnerability using a specially-crafted file to overflow a buffer and execute arbitrary code on the system with the privileges of the vulnerable application or victim user.

CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/87925> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-5843

DESCRIPTION:
A maliciously crafted font file can lead to a double free, which in turn could allow untrusted code to disable the security manager and execute arbitrary code. In a server context, the double free would crash the JVM process, so it could be used to launch a denial of service attack. The fix corrects the font parsing code to prevent the double free.

CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/87971> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Affected Products and Versions

IBM Content Classification Versions 8.7 and 8.8

Remediation/Fixes

Fixes are available in Interim Fix 2. Click one of the following links for instructions on downloading and installing Interim Fix 2:

Workarounds and Mitigations

None. Install the interim fix.
