10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.004 Low
EPSS
Percentile
73.9%
Added: 11/07/2006
CVE: CVE-2005-3438
BID: 15134
OSVDB: 20612
pbsde is a package of stored procedures which is part of the base installation of Oracle Database.
A buffer overflow in the **sys.pbsde.init**
procedure allows database users to execute arbitrary commands.
Apply the patch referenced in the October 2005 Critical Patch Update.
<http://www.us-cert.gov/cas/techalerts/TA05-292A.html>
<http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0430.html>
Exploit works on Oracle Database 10g 10.1.0.2 and requires the login and password of a valid database account.
Windows