SAINT Corporation (saint), SAINT:2F88A3D137295F2BA02D21413BACBF4B
Jun 26, 2013 - 12:00 a.m.

Oracle WebCenter Capture ActiveX SetAnnotationFont buffer overflow

2013-06-26 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS: 0.326 Low
Percentile: 97.1%

Added: 06/26/2013
CVE: CVE-2013-1516
BID: 59112
OSVDB: 92387

Background

Oracle WebCenter Capture (formerly Oracle Document Capture) is a centralized document scanning solution.

Problem

The Import Server subcomponent of Oracle WebCenter Capture is affected by a buffer overflow vulnerability. The vulnerability could allow command execution when a user loads a web page which calls the **SetAnnotationFont** method of the **BlackIceDevMode.ocx** ActiveX control with specially crafted parameters.

Resolution

Apply the update referenced in Oracle Critical Patch Update Advisory - April 2013.

References

<http://www.zerodayinitiative.com/advisories/ZDI-13-091/>

Limitations

Exploit works on Oracle WebCenter Capture 10.1.3.5.0 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn), and requires a user to open the exploit page in Internet Explorer 8 or 9.

JRE 6 must be installed on Windows 7.

Platforms

Windows
