Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:5041480F77B9A8B9C44B9CB9BA67AD02
HistoryFeb 03, 2012 - 12:00 a.m.

Oracle Outside In Library OOXML Overflow

2012-02-0300:00:00
SAINT Corporation
download.saintcorporation.com
28

0.157 Low

EPSS

Percentile

96.0%

JSON

Added: 02/03/2012
CVE: CVE-2012-0110
BID: 51452
OSVDB: 78411

Background

Oracle Outside In is a a suite of software development kits that allows developers with a comprehensive solution to access, transform, and control the contents of over 500 unstructured file formats.

Problem

Outside In versions 8.3.5 through 8.3.7 fail to properly validate fields in OpenOffice XML (OOXML) documents. If a user opens a malicious OOXML document in a piece of software that uses the vulnerable SDK, an attacker could take over execution of the target’s system.

Resolution

Because Outside In is an SDK, 3rd party applications distribute the libraries. Check with your application provider to make sure you are running the latest version of the affected software.

References

<http://www.zerodayinitiative.com/advisories/ZDI-12-017/&gt;
<http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html&gt;
<http://www.kb.cert.org/vuls/id/738961&gt;

Limitations

This exploit has been tested against Avantstar Quick View Plus 11.1.0 Standard Edition and ACD Systems Canvas 12 running on Windows XP SP3 English (DEP OptIn). The ‘zip’ utility must be installed on the system that is running the exploit.

Platforms

Avantstar Quick View Plus 11.1.0 Standard
ACD Systems Canvas 12

Related

checkpoint_advisories 1
prion 1
cvelist 1
cve 1
cisa 1
saint 3
cert 1
nessus 2
nvd 1
securityvulns 1
oracle 1
checkpoint_advisories
checkpoint_advisories
Oracle Outside In Lotus 1-2-3 Heap Buffer Overflow (CVE-2012-0110)
2012-05-14 00:00:00
prion
prion
Buffer overflow
2012-01-18 22:55:00
cvelist
cvelist
CVE-2012-0110
2012-01-18 22:00:00
cve
cve
CVE-2012-0110
2012-01-18 22:55:06
cisa
cisa
Oracle Releases Critical Patch Update for January 2012
2012-01-18 00:00:00
saint
saint
Oracle Outside In Library OOXML Overflow
2012-02-03 00:00:00
Oracle Outside In Library OOXML Overflow
2012-02-03 00:00:00
Oracle Outside In Library OOXML Overflow
2012-02-03 00:00:00
cert
cert
Oracle Outside In contains an exploitable vulnerability in Lotus 123 v4 parser
2012-01-18 00:00:00
nessus
nessus
Novell GroupWise / Oracle Outside In Lotus 123 v4 Parser Unspecified Remote Code Execution
2012-03-28 00:00:00
Symantec Enterprise Vault / Oracle Outside In Multiple Vulnerabilities (SYM12-004)
2012-03-28 00:00:00
nvd
nvd
CVE-2012-0110
2012-01-18 22:55:06
securityvulns
securityvulns
Oracle / Sun / People Soft / MySQL applications multiple security vulnerabilities
2012-03-10 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2012
2012-01-17 00:00:00

0.157 Low

EPSS

Percentile

96.0%

JSON
Related for SAINT:5041480F77B9A8B9C44B9CB9BA67AD02
checkpoint_advisories1prion1cvelist1cve1cisa1saint3cert1nessus2nvd1securityvulns1oracle1