CVE-2004-1774

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle10g; Application Server
Vendor: CVE Published:; 31 August 2004

Summary

Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.

References

http://www.appsecinc.com/resources/alerts/oracle/2004-0001/

x_refsource_MISC

http://www.securiteam.com/securitynews/5CP010KE0W.html

x_refsource_MISC

http://lists.grok.org.uk/pipermail/full-disclosure/2004-S...

mailing-listx_refsource_FULLDISC

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Apr 19, 2005
Vulnerability published
Aug 31, 2004