Vulnerabilities > CVE-2012-3214 - Local Security vulnerability in Oracle Fusion Middleware 8.3.7.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Msbulletin
| bulletin_id | MS13-013 |
| bulletin_url | |
| date | 2013-02-12T00:00:00 |
| impact | Remote Code Execution |
| knowledgebase_id | 2784242 |
| knowledgebase_url | |
| severity | Important |
| title | Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution |
Nessus
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS13-013.NASL description The remote host is using a vulnerable version of FAST Search Server 2010 for SharePoint. When the Advanced Filter Pack is enabled, vulnerable versions of the Oracle Outside In libraries are used to parse files. An attacker could exploit this by uploading a malicious file to a site using FAST Search to index, which could result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 64574 published 2013-02-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64574 title MS13-013: Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(64574); script_version("1.13"); script_cvs_date("Date: 2019/12/04"); script_cve_id("CVE-2012-3214", "CVE-2012-3217"); script_bugtraq_id(55977, 55993); script_xref(name:"MSFT", value:"MS13-013"); script_xref(name:"MSKB", value:"2553234"); script_xref(name:"IAVA", value:"2013-A-0044"); script_name(english:"MS13-013: Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242)"); script_summary(english:"Checks version of Sccdu.dll"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host is affected by multiple code execution vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host is using a vulnerable version of FAST Search Server 2010 for SharePoint. When the Advanced Filter Pack is enabled, vulnerable versions of the Oracle Outside In libraries are used to parse files. An attacker could exploit this by uploading a malicious file to a site using FAST Search to index, which could result in arbitrary code execution."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-013"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for FAST Search Server 2010."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3217"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/16"); script_set_attribute(attribute:"patch_publication_date", value:"2013/02/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_set_attribute(attribute:"stig_severity", value:"II"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl", "fast_search_server_installed.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include("audit.inc"); include("smb_func.inc"); include("smb_hotfixes.inc"); include("smb_hotfixes_fcheck.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS13-013'; kb = '2553234'; kbs = make_list(kb); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_NOTE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (get_kb_item('SMB/fast_search_server/prodtype') == 'forSharePoint') fast_path = get_kb_item('SMB/fast_search_server/path'); if (isnull(fast_path)) audit(AUDIT_NOT_INST, 'FAST Search Server for SharePoint'); if (fast_path[strlen(fast_path) - 1] != "\") fast_path += "\"; fast_path += 'bin'; share = fast_path[0] + '$'; if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if (hotfix_is_vulnerable(path:fast_path, file:"Sccdu.dll", version:"8.3.7.239", bulletin:bulletin, kb:kb)) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_note(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS12-080.NASL description The version of Microsoft Exchange installed on the remote host has the following vulnerabilities : - Multiple code execution vulnerabilities in the Oracle Outside In libraries, used by the WebReady Document Viewing feature of Outlook Web App (OWA). An attacker could exploit this by sending a malicious email attachment to a user who views it in OWA, resulting in arbitrary code execution as LocalService. (CVE-2012-3214, CVE-2012-3217) - A denial of service caused by Exchange improperly handling RSS feeds. An attacker with a valid email account on the Exchange server could create a specially crafted RSS feed, which could cause the system to become unresponsive and result in data corruption. (CVE-2012-4791) last seen 2020-06-01 modified 2020-06-02 plugin id 63227 published 2012-12-11 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63227 title MS12-080: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(63227); script_version("1.14"); script_cvs_date("Date: 2019/12/04"); script_cve_id("CVE-2012-3214", "CVE-2012-3217", "CVE-2012-4791"); script_bugtraq_id(55977, 55993, 56836); script_xref(name:"MSFT", value:"MS12-080"); script_xref(name:"MSKB", value:"2746157"); script_xref(name:"MSKB", value:"2787763"); script_xref(name:"MSKB", value:"2785908"); script_name(english:"MS12-080: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)"); script_summary(english:"Checks version of transcodingservice.exe"); script_set_attribute(attribute:"synopsis", value: "The remote mail server has multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Microsoft Exchange installed on the remote host has the following vulnerabilities : - Multiple code execution vulnerabilities in the Oracle Outside In libraries, used by the WebReady Document Viewing feature of Outlook Web App (OWA). An attacker could exploit this by sending a malicious email attachment to a user who views it in OWA, resulting in arbitrary code execution as LocalService. (CVE-2012-3214, CVE-2012-3217) - A denial of service caused by Exchange improperly handling RSS feeds. An attacker with a valid email account on the Exchange server could create a specially crafted RSS feed, which could cause the system to become unresponsive and result in data corruption. (CVE-2012-4791)"); # https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?87547c81"); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-080"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Exchange 2007 and 2010."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4791"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/16"); script_set_attribute(attribute:"patch_publication_date", value:"2012/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/11"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:exchange_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include("audit.inc"); include("smb_func.inc"); include("smb_hotfixes.inc"); include("smb_hotfixes_fcheck.inc"); include("misc_func.inc"); get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible'); bulletin = 'MS12-080'; kbs = make_list('2746157', '2787763', '2785908'); if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_NOTE); get_kb_item_or_exit("SMB/Registry/Enumerated"); version = get_kb_item_or_exit('SMB/Exchange/Version', exit_code:1); if (version != 80 && version != 140) audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', version); sp = get_kb_item_or_exit('SMB/Exchange/SP', exit_code:1); if (version == 80) { if (sp == 3) { kb = '2746157'; ver = '8.3.283.0'; min_ver = '8.0.0.0'; } else audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', '2007 SP' + sp); } else if (version == 140) { if (sp == 1) { kb = '2787763'; ver = '14.1.438.0'; min_ver = '14.1.0.0'; } else if (sp == 2) { kb = '2785908'; ver = '14.2.328.9'; min_ver = '14.2.0.0'; } else audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', '2010 SP' + sp); } path = get_kb_item_or_exit('SMB/Exchange/Path', exit_code:1); path += "\ClientAccess\Owa\Bin\DocumentViewing"; match = eregmatch(string:path, pattern:'^([A-Za-z]):.+'); if (isnull(match)) exit(1, "Error parsing path (" + path + ")."); share = match[1] + '$'; if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if (hotfix_is_vulnerable(path:path, file:"transcodingservice.exe", version:ver, min_version:min_ver, bulletin:bulletin, kb:kb)) { set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE); hotfix_security_note(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }
Oval
accepted 2013-01-21T04:00:39.228-05:00 class vulnerability contributors name SecPod Team organization SecPod Technologies definition_extensions comment Microsoft Exchange Server 2007 SP3 is installed oval oval:org.mitre.oval:def:15784 comment Microsoft Exchange Server 2010 SP1 is installed oval oval:org.mitre.oval:def:15339 comment Microsoft Exchange Server 2010 SP2 is installed oval oval:org.mitre.oval:def:14151
description Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. family windows id oval:org.mitre.oval:def:16178 status accepted submitted 2012-12-12T08:43:01 title Oracle Outside In Contains Multiple Exploitable Vulnerabilities-I MS12-080 version 4 accepted 2013-03-25T04:01:01.579-04:00 class vulnerability contributors name SecPod Team organization SecPod Technologies definition_extensions comment Microsoft FAST Search Server 2010 for SharePoint is installed oval oval:org.mitre.oval:def:15918 description Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. family windows id oval:org.mitre.oval:def:16500 status accepted submitted 2013-02-15T14:21:01 title Oracle Outside In Contains Multiple Exploitable Vulnerability - CVE-2012-3214 (MS13-013) version 4
References
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
- http://www.us-cert.gov/cas/techalerts/TA12-346A.html
- http://www.us-cert.gov/cas/techalerts/TA13-043B.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21660640
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-080
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-013
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16178
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16500