Lucene search
Andrea Micalizzi aka rgodZDI-13-094HistoryMay 29, 2013 - 12:00 a.m.
Oracle WebCenter Content CheckOutAndOpen.dll ActiveX coao/openWebdav Remote Code Execution Vulnerability
2013-05-2900:00:00
Andrea Micalizzi aka rgod
www.zerodayinitiative.com
19
0.971 High
EPSS
Percentile
99.8%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebCenter Content. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CheckOutAndOpen.dll ActiveX control’s coao and openWebdav methods. By specifying a carefully constructed path an attacker can force the contents of the file to be passed to ShellExecuteExW. An attacker can leverage this vulnerability to execute code under the context of the current user.
Related
packetstorm
packetstorm
Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Remote Code Execution
2013-06-02 00:00:00
nvd
nvd
CVE-2013-1559
2013-04-17 12:19:45
saint
saint
Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Control Vulnerability
2013-08-19 00:00:00
Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Control Vulnerability
2013-08-19 00:00:00
Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Control Vulnerability
2013-08-19 00:00:00
prion
prion
Design/Logic Flaw
2013-04-17 12:19:00
cve
cve
CVE-2013-1559
2013-04-17 12:19:45
checkpoint_advisories
checkpoint_advisories
zdt
zdt
Oracle WebCenter Content CheckOutAndOpen.dll ActiveX RCE
2013-06-03 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_COAO
2013-04-17 12:19:00
cvelist
cvelist
CVE-2013-1559
2013-04-17 12:10:00
nessus
nessus
Oracle WebCenter Content (April 2013 CPU)
2013-08-20 00:00:00
securityvulns
securityvulns
oracle
oracle
Oracle Critical Patch Update - April 2013
2013-04-16 00:00:00