Oracle WebCenter Forms Recognition SSSplitter ActiveX Overwrite

2012-05-02T00:00:00
ID SAINT:CFC6EA2B6A570F422C1C957C243AD622
Type saint
Reporter SAINT Corporation
Modified 2012-05-02T00:00:00

Description

Added: 05/02/2012
CVE: CVE-2012-1710
BID: 53062
OSVDB: 81366

Background

Oracle WebCenter Imaging is a combined document management and business process management suite, marketed as a component of the Oracle Fusion Middleware portfolio of products. Oracle Forms Recognition (OFR) is an intelligent data capture solution that integrates with WebCenter Imaging.

Problem

Oracle Forms Recognition (OFR) installs an ActiveX control named Sssplt30.ocx on the systems of its users. In OFR versions 10.1.3.5 and prior, the Save method of the SSSplitter control does not properly validate the parameters. An attacker can leverage this weakness and construct a malicious SSSplitter object, then save it to a location of their choice. This may result in the attacker gaining full execution access on the target's system.

Resolution

Apply the updates suggested in the vendor advisory.

References

<http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html>
<http://www.zerodayinitiative.com/advisories/ZDI-12-074/>

Limitations

This exploit has been tested against Oracle WebCenter Forms Recognition 10.1.3.5 on Windows XP SP3 English (DEP OptIn). The system must be rebooted before the payload is executed.

Platforms

Windows