7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.9%
Added: 12/18/2006
CVE: CVE-2004-1774
BID: 10871
OSVDB: 9867
Oracle Database is a relational database solution available for multiple platforms.
A buffer overflow in the SDO_CODE_SIZE function in the MD2 component of Oracle Database allows remote attackers to execute arbitrary commands.
Apply the update referenced in Oracle Alert #68.
<http://www.kb.cert.org/vuls/id/316206>
<http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0041.html>
Exploit works on Oracle Database 10g 10.1.0.2 and requires the login and password of a valid database user.
Windows