Added: 02/06/2009
CVE: CVE-2008-3974
BID: 33177
OSVDB: 51347
The Online Analytical Processing (OLAP) component of Oracle Database is a set of stored procedures used for multi-dimensional analytical queries.
A buffer overflow vulnerability in the ODCITABLESTART function allows command execution using a specially crafted SQL query.
Apply the Oracle Critical Patch Update for January 2009.
<http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html>
Exploit works on Oracle Database 9i 9.0.2.1.
This exploit requires the login and password of a database account with EXECUTION privilege on the SYS.OLAPIMPL_T package. The default “scott” user has sufficient privilege.
Windows