Lucene search
Francis Provencher From Protek Research Lab'sZDI-13-091HistoryMay 29, 2013 - 12:00 a.m.
Oracle Document Capture BlackIceDevMode.ocx ActiveX Remote Code Execution Vulnerability
2013-05-2900:00:00
Francis Provencher From Protek Research Lab's
www.zerodayinitiative.com
13
0.326 Low
EPSS
Percentile
97.1%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Document Capture. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the BlackIceDevMode.ocx ActiveX control. This component performs insufficient bounds checking on user-supplied data passed in the SetAnnotationFont() method which results in stack corruption. This corruption can be leveraged to achieve code execution under the context of the process.
Related
saint
saint
Oracle WebCenter Capture ActiveX SetAnnotationFont buffer overflow
2013-06-26 00:00:00
Oracle WebCenter Capture ActiveX SetAnnotationFont buffer overflow
2013-06-26 00:00:00
Oracle WebCenter Capture ActiveX SetAnnotationFont buffer overflow
2013-06-26 00:00:00
attackerkb
attackerkb
cve
cve
CVE-2013-1516
2013-04-17 12:19:44
checkpoint_advisories
checkpoint_advisories
prion
prion
Design/Logic Flaw
2013-04-17 12:19:00
cvelist
cvelist
CVE-2013-1516
2013-04-17 12:10:00
nvd
nvd
CVE-2013-1516
2013-04-17 12:19:44
oracle
oracle
Oracle Critical Patch Update - April 2013
2013-04-16 00:00:00
securityvulns
securityvulns