Oracle WebCenter Content is an open platform that allows users to create a vast range of content management applications. It consolidates unstructured content from across diverse systems so it can be centrally managed and then exposes it from within desktop productivity tools, business applications, and mobile devices.
Oracle WebCenter Content Server contains a flaw in the
**CheckOutAndOpen.dll** ActiveX control which is triggered when user-controlled input is passed to the openWebdav method. An attacker who persuades a vulnerable user to open a specially crafted web page could execute arbitrary code in the context of the user.
Apply the update referenced in Oracle Critical Patch Update Advisory - April 2013.
This exploit was tested against Oracle WebCenter Content 220.127.116.11.0 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
The user must open the exploit in Internet Explorer 8 or 9.