Remote Code Execution Vulnerability in Oracle Secure Backup by Oracle
CVE-2009-1978

Currently unrated

Key Information:

Vendor: Oracle
Status: Secure Backup
Vendor: CVE Published:; 14 July 2009

Summary

An unspecified vulnerability exists in the Oracle Secure Backup component, specifically affecting version 10.2.0.3. This flaw potentially allows remote attackers to compromise confidentiality, integrity, and availability through various unknown vectors. An independent research claim suggests that remote authenticated users may exploit this vulnerability to execute arbitrary code with SYSTEM privileges, particularly via interactions with the property_box.php script.

References

http://secunia.com/advisories/35776

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/55904

vdb-entryx_refsource_OSVDB

http://www.zerodayinitiative.com/advisories/ZDI-09-059/

x_refsource_MISC

EPSS Score

84% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 14, 2009
Vulnerability Reserved
Jun 8, 2009