CVE-2005-2372

Currently unrated

Key Information:

Vendor: Oracle
Status: Forms
Vendor: CVE Published:; 26 July 2005

Summary

Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module parameters to f90servlet.

References

http://www.red-database-security.com/advisory/oracle_form...

x_refsource_MISC

http://marc.info/?l=bugtraq&m=112180805413784&w=2

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Jul 26, 2005
Vulnerability Reserved
Jul 26, 2005