Oracle GENERATESCHEMA Buffer Overflow Exploit

ID 1337DAY-ID-22628
Type zdt
Reporter duke
Modified 2014-09-11T00:00:00


This Exploit a buffer overflow in Oracle10g. When sending a specially formatted query to the GENERATESCHEMA function in the XDB.DBMS_XMLSCHEMA package, an attacker may be able to execute arbitrary code. NOTE: For targets running DEP, you will need to choose target 0 then rexploit with target 1. The first query will disable DEP fro the ORACLE.EXE process. The following product versions are affected: * Oracle Database 10g Release 2, version * Oracle Database 10g Release 1, versions,, * Oracle9i Database Release 2, versions, * Oracle8i Database Release 3, version * Oracle Enterprise Manager 10g Grid Control, versions, * Oracle Application Server 10g Release 2, versions,,, * Oracle Application Server 10g Release 1 (9.0.4), versions, * Oracle Collaboration Suite 10g Release 1, versions 10.1.1, 10.1.2 * Oracle9i Collaboration Suite Release 2, version * Oracle E-Business Suite Release 11i, versions 11.5.1 through 11.5.10 CU2 * Oracle E-Business Suite Release 11.0 * PeopleSoft Enterprise Portal, versions 8.4, 8.8, 8.9 * JD Edwards EnterpriseOne Tools, OneWorld Tools, versions 8.95.F1, SP23_L1 * Oracle Database 10g Release 1, version * Oracle Developer Suite, versions 6i,,,, * Oracle Workflow, versions 11.5.1 through * Oracle9i Database Release 1, versions,, FIPS * Oracle8 Database Release 8.0.6, version * Oracle9i Application Server Release 1, version Oracle has provided no specifics regarding the nature of these vulnerabilities.

This is private exploit. You can buy it at