Oracle Outside In CDR File Parser Stack Buffer Overflow

2011-08-05T00:00:00
ID SAINT:04ED7588C23862A9861A8C3860BC60AA
Type saint
Reporter SAINT Corporation
Modified 2011-08-05T00:00:00

Description

Added: 08/05/2011
CVE: CVE-2011-2264
BID: 48766
OSVDB: 73912

Background

Oracle Outside In is a suite of Software Development Kits (SDKs) and tools that provide functionality for reading and writing many different file formats. The Outside In SDK is embedded in multiple client and server products that need to parse various file formats.

Problem

Outside In supports Corel Corporation's CDR file format, which is used by the vector graphics editor CorelDRAW.

Resolution

Patches to Outside In are described in the Oracle Critical Patch Update Advisory for July 2011.

Update products that incorporate the vulnerable version of Outside In, such as Avantstar Quick View Plus, when updates become available.

References

<http://secunia.com/advisories/45297>
<http://www.kb.cert.org/vuls/id/520721>

Limitations

Exploit works on Avantstar Quick View Plus 11.1.0 Standard Edition.

Platforms

Windows