Vulnerabilities > CVE-2012-0110 - Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0
Attack vector: LOCAL
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family Windows NASL id SYMANTEC_ENTERPRISE_VAULT_SYM12-004.NASL description The version of Symantec Enterprise Vault installed on the remote host uses a version of the Oracle Outside In libraries that contain multiple memory corruption vulnerabilities. A remote attacker could exploit these by sending an email with a malicious attachment, which could result in arbitrary code execution when it is processed for archiving. last seen 2020-06-01 modified 2020-06-02 plugin id 58514 published 2012-03-28 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58514 title Symantec Enterprise Vault / Oracle Outside In Multiple Vulnerabilities (SYM12-004) code
#
# (C) Tenable Network Security, Inc.
#

# Purpose: flag Symantec Enterprise Vault installs whose build is older than
# the fixed build for their release branch. The script opens no file and
# probes no service itself; it only compares the version string that the
# dependency script stored in the knowledge base (KB).

include("compat.inc");

# When `description` is set, only the metadata below is registered and the
# script exits (exit(0) at the end of this block) before any check logic runs.
if (description)
{
  script_id(58514);
  script_version("1.15");
  script_cvs_date("Date: 2018/11/15 20:50:29");

  # One plugin covers three CVEs, so a single finding maps to all of them.
  script_cve_id("CVE-2012-0110", "CVE-2011-4516", "CVE-2011-4517");
  script_bugtraq_id(50992, 51452);
  script_xref(name:"CERT", value:"738961");
  script_xref(name:"CERT", value:"887409");

  script_name(english:"Symantec Enterprise Vault / Oracle Outside In Multiple Vulnerabilities (SYM12-004)");
  # The summary names EVConverterSandbox.exe, but the check below works from
  # the KB version string only.
  script_summary(english:"Checks version of EVConverterSandbox.exe.");

  script_set_attribute(attribute:"synopsis", value: "An archiving application installed on the remote host has multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value: "The version of Symantec Enterprise Vault installed on the remote host uses a version of the Oracle Outside In libraries that contain multiple memory corruption vulnerabilities. 
A remote attacker could exploit these by sending an email with a malicious attachment, which could result in arbitrary code execution when it is processed for archiving.");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2a0f26f4");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?11da589e");
  script_set_attribute(attribute:"solution", value: "Apply the relevant hotfix referenced in SYM12-004.");
  # NOTE(review): this vector rates all three impacts as Complete (C:C/I:C/A:C),
  # whereas the CVE-2012-0110 record on this page lists them as PARTIAL.
  # Confirm which scoring source drives your remediation priority.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  # The three exploit attributes below are all set to "true"; a finding from
  # this plugin is therefore a patch-first item rather than a routine update.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/28");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:symantec:enterprise_vault");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  # Both KB keys are required; the names suggest they are filled in by the
  # dependency script and rely on SMB access to the host (TODO confirm).
  script_dependencies("symantec_enterprise_vault_installed.nasl");
  script_require_keys("SMB/enterprise_vault/path", "SMB/enterprise_vault/ver");
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");

# pretty(version): render "a.b.c.N" as "a.b.c build N" for the report.
# Takes one anonymous argument. Exits the script with code 1 when the string
# does not end in ".<digits>" after a run of digits and dots.
function pretty()
{
  local_var match, ver;

  ver = _FCT_ANON_ARGS[0];
  match = eregmatch(string:ver, pattern:"^([0-9.]+)\.([0-9]+)$");
  if (isnull(match)) exit(1, "Error parsing version ('" + ver + "').");
  return match[1] + " build " + match[2];
}

# Either lookup ends the script if its KB item is missing.
path = get_kb_item_or_exit("SMB/enterprise_vault/path");
ver = get_kb_item_or_exit("SMB/enterprise_vault/ver");

# Pick the fixed build for the installed release branch.
# `fix` is assigned only for the five branches listed here. For any other
# version it stays unset and the install takes the "not affected" exit below.
# NOTE(review): confirm against SYM12-004 that unlisted branches are really
# unaffected rather than simply not covered, since that path is a potential
# false negative.
if (ver =~ "^9\.0\.0\.") fix = "9.0.0.1257";
else if (ver =~ "^9\.0\.1\.") fix = "9.0.1.1112";
else if (ver =~ "^9\.0\.2\.") fix = "9.0.2.1218";
else if (ver =~ "^9\.0\.3\.") fix = "9.0.3.1222";
else if (ver =~ "^10\.0\.0\.") fix = "10.0.0.1334";

# Report only when a fixed build is known and the installed build is older.
if (!isnull(fix) && ver_compare(ver:ver, fix:fix, strict:FALSE) < 0)
{
  port = get_kb_item("SMB/transport");

  if (report_verbosity > 0)
  {
    # The report gives the install path plus installed and fixed builds, so
    # the finding can be verified and remediated without re-scanning.
    report = '\n Path : ' + path + '\n Installed version : ' + pretty(ver) + '\n Fixed version : ' + pretty(fix) + '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);

  exit(0);
}
else exit(0, "The Symantec Enterprise Vault " + ver + " install in "+path+" is not affected.");
NASL family Windows NASL id GROUPWISE_CVE-2012-0110.NASL description The version of Novell GroupWise installed on the remote host uses a version of the Oracle Outside In library that has a flaw in its Lotus 123 v4 parser that could lead to arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 58513 published 2012-03-28 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58513 title Novell GroupWise / Oracle Outside In Lotus 123 v4 Parser Unspecified Remote Code Execution code
#
# (C) Tenable Network Security, Inc.
#

# Purpose: find the Oracle Outside In Lotus 1-2-3 v4 parser DLL (vswk4.dll)
# in each known Novell GroupWise install directory, read its file version
# over SMB, and report copies on the 8.3.5.x or 8.3.7.x branch that are older
# than the fixed build.

include("compat.inc");

# When `description` is set, only the metadata below is registered and the
# script exits (exit(0) at the end of this block) before any check logic runs.
if (description)
{
  script_id(58513);
  script_version("1.13");
  script_cvs_date("Date: 2018/07/13 15:08:46");

  script_cve_id("CVE-2012-0110");
  script_bugtraq_id(51452);
  script_xref(name:"CERT", value:"738961");

  script_name(english:"Novell GroupWise / Oracle Outside In Lotus 123 v4 Parser Unspecified Remote Code Execution");
  script_summary(english:"Checks version of vswk4.dll");

  script_set_attribute(attribute:"synopsis", value: "A messaging and collaboration application installed on the remote host has a remote code execution vulnerability.");
  script_set_attribute(attribute:"description", value: "The version of Novell GroupWise installed on the remote host uses a version of the Oracle Outside In library that has a flaw in its Lotus 123 v4 parser that could lead to arbitrary code execution.");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?11da589e");
  script_set_attribute(attribute:"solution", value:"Contact the vendor for a patch.");
  # NOTE(review): this vector rates all three impacts as Complete (C:C/I:C/A:C),
  # whereas the CVE-2012-0110 record on this page lists them as PARTIAL.
  # Confirm which scoring source drives your remediation priority.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  # The three exploit attributes below are all set to "true"; a finding from
  # this plugin is therefore a patch-first item rather than a routine update.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/03/28");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:novell:groupwise");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  # Requires the client install path from the dependency script and an SMB
  # port (139 or 445).
  script_dependencies("groupwise_client_installed.nasl");
  script_require_keys("SMB/Novell GroupWise Client/Path");
  script_require_ports(139, 445);
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("smb_func.inc");
include("audit.inc");

# Start the candidate list with the client install path from the KB.
# The script ends here if the key is missing.
base = get_kb_item_or_exit("SMB/Novell GroupWise Client/Path");
bases = make_list(base);

# Connect to the appropriate share.
# Connection parameters come from the kb_smb_* helpers; presumably these are
# the credentials configured for the scan (verify in smb_func.inc).
# `name` is referenced only by the commented-out session_init() call below.
name = kb_smb_name();
port = kb_smb_transport();
#if (!get_port_state(port)) exit(0, "Port " + port + " is not open.");
login = kb_smb_login();
pass = kb_smb_password();
domain = kb_smb_domain();

# Try to connect to server.
# The manual socket setup is left commented out; smb_session_init() is used
# in its place.
#soc = open_sock_tcp(port);
#if (!soc) exit(1, "Failed to open a socket on port " + port + ".");

#session_init(socket:soc, hostname:name);
if(!smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');

# Connect to IPC share.
rc = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$");
if (rc != 1)
{
  NetUseDel();
  exit(1, "Failed to connect to IPC share.");
}

# Connect to remote registry.
hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);
if (isnull(hklm))
{
  NetUseDel();
  exit(1, "Failed to connect to the remote registry.");
}

# Get the location the software was installed at.
# If the GroupWise agents key exists, its "Pathname" value is cut back to the
# parent directory (the regex drops everything after the last backslash) and
# added as a second candidate. A missing key or value is not an error; the
# KB path is then the only candidate.
key = "SOFTWARE\Novell\GroupWiseAgents\CurrentVersion";
key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);
if (!isnull(key_h))
{
  item = RegQueryValue(handle:key_h, item:"Pathname");
  if (!isnull(item))
  {
    base = ereg_replace(string:item[1], pattern:"^(.+)\\[^\\]*$", replace:"\1");
    bases = make_list(bases, base);
  }
  RegCloseKey(handle:key_h);
}
RegCloseKey(handle:hklm);

# Findings from every candidate directory are collected in `report` and
# emitted once, after the loop.
report = "";
foreach base (bases)
{
  # Clean up previous connection.
  NetUseDel(close:FALSE);

  # Split the software's location into components.
  # "C:\dir\sub" becomes share "C$" and directory "\dir\sub".
  share = ereg_replace(string:base, pattern:"^([A-Za-z]):.*", replace:"\1$");
  dir = ereg_replace(string:base, pattern:"^[A-Za-z]:(.*)", replace:"\1");
  path = "\vswk4.dll";

  # Connect to the share software is installed on.
  # NOTE(review): this second NetUseDel(close:FALSE) repeats the call at the
  # top of the loop with nothing in between; it looks redundant.
  NetUseDel(close:FALSE);
  rc = NetUseAdd(login:login, password:pass, domain:domain, share:share);
  # A share that cannot be mounted is skipped silently, so that candidate
  # directory goes unchecked.
  if (rc != 1) continue;

  # Try to open the affected DLL.
  fh = CreateFile(
    file:dir + path,
    desired_access:GENERIC_READ,
    file_attributes:FILE_ATTRIBUTE_NORMAL,
    share_mode:FILE_SHARE_READ,
    create_disposition:OPEN_EXISTING
  );
  # A DLL that is missing or cannot be opened skips this directory too.
  if (isnull(fh)) continue;

  # Parse the version information from DLL.
  ver = GetFileVersion(handle:fh);
  CloseFile(handle:fh);
  if (isnull(ver))
  {
    # NOTE(review): this exit ends the whole script, so findings already
    # added to `report` for an earlier directory are never emitted.
    NetUseDel();
    exit(1, "Failed to read the version number from " + base + path + ".");
  }
  ver = join(ver, sep:".");

  # Only the 8.3.5.x and 8.3.7.x branches have a fixed build defined, which
  # matches the versions named in the CVE summary on this page. Any other
  # branch leaves `fix` NULL and is skipped without a finding.
  fix = NULL;
  if (ver =~ "^8\.3\.5\.") fix = "8.3.5.6195";
  else if (ver =~ "^8\.3\.7\.") fix = "8.3.7.77";

  if (!fix || ver_compare(ver:ver, fix:fix) >= 0) continue;

  # "Path" is the install directory, not the DLL; the file checked is
  # vswk4.dll inside it.
  report += '\n Path : ' + base + '\n Installed version : ' + ver + '\n Fixed version : ' + fix + '\n';
}

# Clean up.
NetUseDel();

# An empty report means no opened DLL was on a covered branch and below its
# fixed build. Directories skipped above are also counted as "not affected".
if (report == "") exit(0, "The relevant DLLs in the Novell GroupWise install(s) are not affected.");

# Report our findings.
if (report_verbosity > 0) security_warning(port:port, extra:report);
else security_warning(port);
Saint
bid | 51452 |
description | Oracle Outside In Library OOXML Overflow |
osvdb | 78411 |
title | oracle_outsidein_library_ooxml_overflow |
type | client |