Oracle Outside In XPM Image Processing Stack Overflow

2012-09-10T00:00:00
ID SAINT:1B47EC6ADC3F9C0C55B4B45EBED0E562
Type saint
Reporter SAINT Corporation
Modified 2012-09-10T00:00:00

Description

Added: 09/10/2012

Background

Oracle Outside In is a suite of software development kits that provides developers with a comprehensive solution to access, transform, and control the contents of over 500 unstructured file formats.

Problem

In Outside In versions 8.3.5.0 through 8.3.7, the XPM image processing method does not properly validate the value of the chars_per_pixel length string in XPM images. The value of this string is copied to a statically allocated string buffer without validating that the string can fit into the buffer, causing a stack overflow. This vulnerability may be exploited by an attacker who can convince a user of an application that uses a vulnerable version of Outside In to open a specially crafted XMP file.

Resolution

Because Outside In is an SDK, 3rd party applications distribute the libraries. Check with your application provider to make sure you are running the latest version of the affected software.

References

<http://www.zerodayinitiative.com/advisories/ZDI-12-150/>
<http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html>

Limitations

This exploit has been tested against Avantstar Quick View Plus 12.0.0 Standard Edition on Windows XP SP3 English (DEP OptIn).

Platforms

Windows