Source: SAINT Corporation (SAINT:5ECD51EC6FE7617FDC7F5893203BC37A)
Published: Jul 17, 2012

Oracle AutoVue SetMarkupMode ActiveX Overflow

CVSS2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AI Score: 6.4 (Confidence: Low)
EPSS: 0.951 (Percentile: 99.4%)

Added: 07/17/2012
CVE: CVE-2012-0549
BID: 53077
OSVDB: 81439

Background

Oracle AutoVue Enterprise Visualization is a suite of Oracle products designed to deliver a web-based capability to access, view, digitally annotate and collaborate on technical and business documents, without requiring specialized computer-aided design (CAD) tools. AutoVue includes tools for Electronic Design Automation (EDA), a category of software tools for designing electronic systems such as printed circuit boards and integrated circuits.

Problem

The SetMarkupMode method of an ActiveX control provided by Oracle AutoVue does not properly sanitize its input parameters. If a user with this control installed were to visit a malicious web site, this vulnerability could be exploited to gain code execution on the victim’s system.

Resolution

Apply the updates detailed in the Oracle April 2012 Critical Patch Update (CPU). Alternatively, set the kill bit for the **AutoVueX.ocx** ActiveX control, which is associated with **CLSID {B6FCC215-D303-11D1-BC6C-0000C078797F}**.

References

http://secunia.com/advisories/48875/
http://dvlabs.tippingpoint.com/advisory/TPTI-12-05

Limitations

This exploit has been tested against Oracle AutoVue 20.0.2 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn). The HTML page must be opened using Internet Explorer 8 or 9 on the target. JRE 6 must be installed on Windows 7.

Platforms

Windows