CVE-2004-0638

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle8i; Oracle9i
Vendor: CVE Published:; 31 December 2004

Summary

Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17254

vdb-entryx_refsource_XF

http://www.oracle.com/technology/deploy/security/pdf/2004...

x_refsource_CONFIRM

http://www.idefense.com/application/poi/display?id=135&ty...

third-party-advisoryx_refsource_IDEFENSE

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 31, 2004
Vulnerability Reserved
Jul 7, 2004