CVSS2
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
EPSS Percentile: 96.0%
Added: 02/03/2012
CVE: CVE-2012-0110
BID: 51452
OSVDB: 78411
Oracle Outside In is a suite of software development kits that gives developers a comprehensive solution to access, transform, and control the contents of over 500 unstructured file formats.
Outside In versions 8.3.5 through 8.3.7 fail to properly validate fields in OpenOffice XML (OOXML) documents. If a user opens a malicious OOXML document in a piece of software that uses the vulnerable SDK, an attacker could take over execution of the target’s system.
Because Outside In is an SDK, 3rd party applications distribute the libraries. Check with your application provider to make sure you are running the latest version of the affected software.
<http://www.zerodayinitiative.com/advisories/ZDI-12-017/>
<http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html>
<http://www.kb.cert.org/vuls/id/738961>
This exploit has been tested against Avantstar Quick View Plus 11.1.0 Standard Edition and ACD Systems Canvas 12 running on Windows XP SP3 English (DEP OptIn). The ‘zip’ utility must be installed on the system that is running the exploit.
Avantstar Quick View Plus 11.1.0 Standard
ACD Systems Canvas 12