Vulnerabilities > CVE-2012-0549 - Unspecified vulnerability in Oracle Supply Chain products Suite 20.1.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Unspecified vulnerability in the Oracle AutoVue Office component in Oracle Supply Chain Products Suite 20.1.1 allows remote attackers to affect confidentiality, integrity, and availability, related to Desktop API.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow. CVE-2012-0549. Remote exploit for windows platform |
| id | EDB-ID:20297 |
| last seen | 2016-02-02 |
| modified | 2012-08-06 |
| published | 2012-08-06 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/20297/ |
| title | Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow |
Metasploit
| description | This module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of an strcpy like function in the SetMarkupMode method, when handling a specially crafted sMarkup argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 needed to DEP and ASLR bypass). |
| id | MSF:EXPLOIT/WINDOWS/BROWSER/ORACLE_AUTOVUE_SETMARKUPMODE |
| last seen | 2020-03-19 |
| modified | 2020-02-18 |
| published | 2012-08-05 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb |
| title | Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/115324/oracle_autovue_setmarkupmode.rb.txt |
| id | PACKETSTORM:115324 |
| last seen | 2016-12-05 |
| published | 2012-08-07 |
| reporter | juan vazquez |
| source | https://packetstormsecurity.com/files/115324/Oracle-AutoVue-ActiveX-Control-SetMarkupMode-Buffer-Overflow.html |
| title | Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow |
Saint
| bid | 53077 |
| description | Oracle AutoVue SetMarkupMode ActiveX Overflow |
| osvdb | 81439 |
| title | oracle_autovue_setmarkupmode_activex |
| type | client |
References
- http://secunia.com/advisories/48875
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
- http://www.securitytracker.com/id?1026937
- http://secunia.com/advisories/48875
- http://www.securitytracker.com/id?1026937
- http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150