Oracle Hyperion Financial Management is a web-based financial consolidation, reporting and analysis solution.
Hyperion Financial Management webapp installs an ActiveX control on the target system. This control is marked as safe for scripting and initialization, which allows any website to utilize it. The SaveData function does not perform adequate file type and directory validation. A malicious attacker may write a file of their choice to a location of their choice on the victim's computer.
No update is available for this vulnerability at the time of publishing this exploit. The ActiveX control can have its kill bit set by following the instruction detailed here. Please note that this may prevent the web client from functioning properly.
This exploit has been tested against Oracle Hyperion Financial Management 188.8.131.52.0 on Windows XP SP3 English (DEP OptIn).