Vulnerabilities > CVE-2012-0549 - Unspecified vulnerability in Oracle Supply Chain products Suite 20.1.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

oracle

exploit available

metasploit

NVD

Published: 2012-05-03

Updated: 2017-12-07

Summary

Unspecified vulnerability in the Oracle AutoVue Office component in Oracle Supply Chain Products Suite 20.1.1 allows remote attackers to affect confidentiality, integrity, and availability, related to Desktop API.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Supply Chain Products Suite 20.1.1	1

Exploit-Db

description	Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow. CVE-2012-0549. Remote exploit for windows platform
id	EDB-ID:20297
last seen	2016-02-02
modified	2012-08-06
published	2012-08-06
reporter	metasploit
source	https://www.exploit-db.com/download/20297/
title	Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow

Metasploit

description	This module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of an strcpy like function in the SetMarkupMode method, when handling a specially crafted sMarkup argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 needed to DEP and ASLR bypass).
id	MSF:EXPLOIT/WINDOWS/BROWSER/ORACLE_AUTOVUE_SETMARKUPMODE
last seen	2020-03-19
modified	2020-02-18
published	2012-08-05
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0549 http://dvlabs.tippingpoint.com/advisory/TPTI-12-05 http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html https://blog.rapid7.com/2012/08/15/the-stack-cookies-bypass-on-cve-2012-0549
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb
title	Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow

Packetstorm

data source	https://packetstormsecurity.com/files/download/115324/oracle_autovue_setmarkupmode.rb.txt
id	PACKETSTORM:115324
last seen	2016-12-05
published	2012-08-07
reporter	juan vazquez
source	https://packetstormsecurity.com/files/115324/Oracle-AutoVue-ActiveX-Control-SetMarkupMode-Buffer-Overflow.html
title	Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow

Saint

bid	53077
description	Oracle AutoVue SetMarkupMode ActiveX Overflow
osvdb	81439
title	oracle_autovue_setmarkupmode_activex
type	client

Summary

Vulnerable Configurations

Exploit-Db

Metasploit

Packetstorm

Saint

References