Buffer Overflow in Oracle 10g MD2 Package
CVE-2004-1774

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle10g; Application Server
Vendor: CVE Published:; 31 August 2004

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2004-1774?

A buffer overflow vulnerability exists in the SDO_CODE_SIZE procedure of the MD2 package in Oracle 10g. This flaw allows local users to potentially execute arbitrary code by exploiting a long LAYER parameter. Users are advised to upgrade to at least version 10.1.0.2 Patch 2 to mitigate the risk posed by this vulnerability.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2004-1774 - Proof of Concept

References

http://www.appsecinc.com/resources/alerts/oracle/2004-0001/

x_refsource_MISC

http://www.securiteam.com/securitynews/5CP010KE0W.html

x_refsource_MISC

http://lists.grok.org.uk/pipermail/full-disclosure/2004-S...

mailing-listx_refsource_FULLDISC

EPSS Score

7% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Apr 19, 2005
🟡
Public PoC available
Aug 31, 2004
👾
Exploit known to exist
Aug 31, 2004
Vulnerability published
Aug 31, 2004

CVE-2004-1774 Data

JSON