Oracle Database Server includes the **DBMS_XMLSCHEMA** component, which contains procedures for managing XML schemas.
A buffer overflow vulnerability in the **DBMS_XMLSCHEMA.GENERATESCHEMA** procedure allows database users to execute arbitrary commands.
Install the patch referenced in the January 2006 Critical Patch Update.
The exploit works on Oracle Database 10.1.0.2 and 220.127.116.11 and requires the login and password of an Oracle account with connect privileges.