Buffer Overflow Vulnerability in Oracle Application Server by Oracle
CVE-2009-1011

Currently unrated

Key Information:

Vendor
Oracle
CVE Published:
15 April 2009

Summary

An unspecified vulnerability exists in the Outside In Technology component of Oracle Application Server, specifically in versions 8.2.2 and 8.3.0. This issue may allow local users to compromise data confidentiality, integrity, and availability. It is associated with multiple integer overflows that occur when parsing optional data streams in Microsoft Office files, potentially leading to a heap-based buffer overflow. Exploitation can significantly affect the security posture of systems running these versions of Oracle's software.

Timeline

  • Vulnerability published

  • Vulnerability Reserved