SAINT Corporation, SAINT:303BFF87B2AFB850ABD272A159B99AC3
Jun 26, 2013 - 12:00 a.m.

Oracle WebCenter Capture ActiveX SetAnnotationFont buffer overflow

2013-06-26 00:00:00
SAINT Corporation
www.saintcorporation.com

EPSS: 0.326 (Low), Percentile: 97.1%

Added: 06/26/2013
CVE: CVE-2013-1516
BID: 59112
OSVDB: 92387

Background

Oracle WebCenter Capture (formerly Oracle Document Capture) is a centralized document scanning solution.

Problem

The Import Server subcomponent of Oracle WebCenter Capture is affected by a buffer overflow vulnerability. The vulnerability could allow command execution when a user loads a web page which calls the **SetAnnotationFont** method of the **BlackIceDevMode.ocx** ActiveX control with specially crafted parameters.

Resolution

Apply the update referenced in Oracle Critical Patch Update Advisory - April 2013.
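
To find hosts that still carry the control and so need the update, the following PowerShell inventory check can be run locally. It is an added example, not code from SAINT or Oracle. It assumes the control is registered machine-wide as an in-process COM server whose path ends in BlackIceDevMode.ocx, that it is run from an elevated 64-bit PowerShell session, and it reads Internet Explorer's standard kill-bit location, which the advisory itself does not mention.

```powershell
# Added example: find registrations of the control named in this advisory
# and report whether Internet Explorer is blocked from loading it.
$ocxName = 'BlackIceDevMode.ocx'   # file name taken from the advisory
$killBit = 0x400                   # "Compatibility Flags" bit that stops IE instantiating a control

# Machine-wide COM registrations and the matching IE compatibility keys,
# for the native registry view and the 32-bit view on 64-bit Windows.
$views = @(
    @{ View   = 'native'
       Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ View   = 'wow6432'
       Clsid  = 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

$findings = foreach ($v in $views) {
    if (-not (Test-Path -LiteralPath $v.Clsid)) { continue }
    foreach ($class in Get-ChildItem -LiteralPath $v.Clsid -ErrorAction SilentlyContinue) {
        # Skip classes with no in-process server or that cannot be opened.
        try { $server = $class.OpenSubKey('InprocServer32') } catch { continue }
        if ($null -eq $server) { continue }
        $path = ([string]$server.GetValue('')).Trim('"')   # default value holds the binary path
        $server.Close()
        if ($path -notlike "*$ocxName*") { continue }

        # Read the kill bit for this CLSID in the same registry view.
        $flagKey = Join-Path $v.Compat $class.PSChildName
        $flags = (Get-ItemProperty -LiteralPath $flagKey -ErrorAction SilentlyContinue).'Compatibility Flags'

        [pscustomobject]@{
            View        = $v.View
            Clsid       = $class.PSChildName
            Path        = $path
            OnDisk      = Test-Path -LiteralPath $path
            FileVersion = (Get-Item -LiteralPath $path -ErrorAction SilentlyContinue).VersionInfo.FileVersion
            KillBitSet  = [bool]($flags -band $killBit)
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { "No machine-wide registration of $ocxName found." }
```

A row with KillBitSet False on an unpatched host means Internet Explorer can still instantiate the control from a web page; per-user (HKCU) registrations are not covered by this check.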

References

<http://www.zerodayinitiative.com/advisories/ZDI-13-091/>

Limitations

Exploit works on Oracle WebCenter Capture 10.1.3.5.0 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn), and requires a user to open the exploit page in Internet Explorer 8 or 9.

JRE 6 must be installed on Windows 7.

Platforms

Windows
