what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 1 of 1 RSS Feed

CVE-2018-3103

Status Candidate

Overview

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).

Related Files

Oracle Outside In 8.5.3 Denial Of Service
Posted Jul 20, 2018
Authored by Behzad Najjarpour Jabbari | Site secunia.com

Secunia Research has discovered multiple vulnerabilities in Oracle Outside In Technology, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service). An error in the vsxl5.dll when processing GelFrame objects can be exploited to cause a out-of-bounds read memory access. An integer underflow error in the vsxl5.dll can be exploited to cause an out-of-bounds read memory access. An error when processing "Body" element of HTML file can be exploited to cause a null pointer dereference. An error within the "readChartStyles()" function (vswk6.dll) can be exploited to cause a null pointer dereference. An error in the vswk6.dll can be exploited to cause an out-of-bounds read memory access. An error within the "readChartStyles()" function (vswk6.dll) can be exploited to trigger an infinite loop. An error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. Another error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. Another error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. Another error within the vswk6.dll can be exploited to disclose uninitialized memory or cause a crash. The vulnerabilities are confirmed in version 8.5.3. Other versions may also be affected.

tags | advisory, denial of service, vulnerability
advisories | CVE-2018-2992, CVE-2018-3009, CVE-2018-3093, CVE-2018-3094, CVE-2018-3095, CVE-2018-3096, CVE-2018-3097, CVE-2018-3098, CVE-2018-3103, CVE-2018-3104
SHA-256 | 473015367ef0eea0a25f5af5e93b268a8c2b94f4c278fb37d6fab71b2071ad79
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close