Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAbdulAziz HaririZDI-12-099
HistoryJun 21, 2012 - 12:00 a.m.

DataDirect OpenAccess oaagent.exe GIOP Remote Code Execution Vulnerability

2012-06-2100:00:00
AbdulAziz Hariri
www.zerodayinitiative.com
4

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.932 High

EPSS

Percentile

99.0%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of DataDirect SequeLink. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application parses a packet that is received. When parsing a field in this packet, the application will use a signed length to copy data into a statically sized buffer located on the heap. This can lead to a heap-based buffer overflow and allows for code execution under the context of the service.

Related

securityvulns 3
prion 1
cve 1
securityvulns
securityvulns
ZDI-12-099 : DataDirect OpenAccess oaagent.exe GIOP Remote Code Execution Vulnerability
2012-06-24 00:00:00
[security bulletin] HPSBMU02731 SSRT100518 rev.1 - HP Database Archiving Software, Remote Execution of Arbitrary Code
2012-01-09 00:00:00
HP DataDirect OpenAccess security vulnerabilities
2012-06-24 00:00:00
prion
prion
Design/Logic Flaw
2011-12-29 19:55:00
cve
cve
CVE-2011-4165
2011-12-29 19:55:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.932 High

EPSS

Percentile

99.0%

JSON
Related for ZDI-12-099
securityvulns3prion1cve1