Added: 12/18/2006
CVE: CVE-2004-1774
BID: 10871
OSVDB: 9867
Oracle Database is a relational database solution available for multiple platforms.
A buffer overflow in the SDO_CODE_SIZE function in the MD2 component of Oracle Database allows remote attackers to execute arbitrary commands.
Apply the update referenced in Oracle Alert #68.
<http://www.kb.cert.org/vuls/id/316206>
<http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0041.html>
Exploit works on Oracle Database 10g 10.1.0.2 and requires the login and password of a valid database user.
Windows