Oracle Outside In CorelDRAW File Parsing Remote Code Execution Vulnerability

ID ZDI-13-001
Type zdi
Reporter Anonymous
Modified 2013-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Outside In. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of RIFF files. When processing a LIST record, the size field is treated as a signed integer during input validation but is then treated as an unsigned integer when copying data. This can be leveraged by a remote attacker can leverage to gain code execution under the context of the user running the application.