Vulnerabilities > CVE-2016-3578 - Unspecified vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
LOW Availability impact
LOW Summary
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS16-108.NASL |
description | The remote Microsoft Exchange Server is missing a security update. It is, therefore, affected by multiple vulnerabilities : - Multiple remote code execution vulnerabilities exist in the Oracle Outside In libraries. An unauthenticated, remote attacker can exploit these, via a specially crafted email, to execute arbitrary code. (CVE-2015-6014, CVE-2016-3575, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, CVE-2016-3596) - An unspecified information disclosure vulnerability exists in the Oracle Outside In libraries that allows an attacker to disclose sensitive information. (CVE-2016-3574) - Multiple denial of service vulnerabilities exists in the Oracle Outside In libraries. (CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3590) - An information disclosure vulnerability exists due to improper parsing of certain unstructured file formats. An unauthenticated, remote attacker can exploit this, via a crafted email using |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 93467 |
published | 2016-09-13 |
reporter | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/93467 |
title | MS16-108: Security Update for Microsoft Exchange Server (3185883) |
code |
|
Seebug
bulletinFamily | exploit |
description | ### DESCRIPTION A null pointer dereference leading to process crash can occur while parsing a malformed PDF file. ### TESTED VERSIONS Oracle Outside In IX sdk 8.5.1 ### PRODUCT URLs http://www.oracle.com/technetwork/middleware/content-management/oit-all-085236.html ### DETAILS While parsing a PDF file which contains a /FlateDecode encoded stream, with a set /Predictor to a value other than 1, a malformed value for /Colors causes a NULL pointer dereference in libsc_ut.so library while de-initializing the decoder. The supplied testcase can be abbreviated to the following: ``` %PDF <</DecodeParms <</Colors 268435456 /Predictor 2 >> /Filter/FlateDecode /Length 54 /Size 60 /Type/XRef/W[1 2 1]>> stream ... startxref 116 ` ``` The invalid /Colors value , 0x100000000 in this case, causes a NULL pointer to be dereferenced during the memory read instruction. The bug can be triggered by using the `ixsample` sample application supplied with the SDK. Program state at the time of the crash: ``` 0xb7b8eb61 in IOPredictorDeInit () from /home/ea/oit_pdf/sdk/demo/libsc_ut.so eax 0x0 0 ecx 0x80b8140 134971712 edx 0x7 7 ebx 0xb7d3cb40 -1210856640 esp 0xbfffc8d0 0xbfffc8d0 ebp 0x80bc1f8 0x80bc1f8 esi 0x80b8140 134971712 edi 0x0 0 eip 0xb7b8eb61 0xb7b8eb61 <IOPredictorDeInit+45> eflags 0x10246 [ PF ZF IF RF ] cs 0x73 115 ss 0x7b 123 ds 0x7b 123 es 0x7b 123 fs 0x0 0 gs 0x33 51 #0 0xb7b8eb61 in IOPredictorDeInit () from /home/ea/oit_pdf/sdk/demo/libsc_ut.so #1 0xb7bd98bf in IOFlateDeInit () from /home/ea/oit_pdf/sdk/demo/libsc_ut.so #2 0xb7bd9b8d in IOFlateInit () from /home/ea/oit_pdf/sdk/demo/libsc_ut.so #3 0xb7b8a14e in IOOpen () from /home/ea/oit_pdf/sdk/demo/libsc_ut.so #4 0xb74d8181 in ?? () from /home/ea/oit_pdf/sdk/demo/libvs_pdf.so #5 0xb74ec2cd in ?? () from /home/ea/oit_pdf/sdk/demo/libvs_pdf.so #6 0xb74ecee6 in VwStreamOpen () from /home/ea/oit_pdf/sdk/demo/libvs_pdf.so #7 0xb7d6ee23 in FAOpenEx () from /home/ea/oit_pdf/sdk/demo/libsc_fa.so #8 0xb7fc29bc in DAGetHFilter () from /home/ea/oit_pdf/sdk/demo/libsc_da.so #9 0xb7faac7b in EXOpenExport () from /home/ea/oit_pdf/sdk/demo/libsc_ex.so #10 0x08048a5b in main () ``` ### TIMELINE * 2016-03-27 - Discovery * 2016-04-12 - Initial Vendor Contact * 2016-07-19 - Public Disclosure |
id | SSV:96695 |
last seen | 2017-11-19 |
modified | 2017-10-16 |
published | 2017-10-16 |
reporter | Root |
title | Oracle OIT IX SDK libvs_pdf FlateDecode Colors Denial of Service Vulnerabiity(CVE-2016-3578) |
Talos
id | TALOS-2016-0100 |
last seen | 2019-05-29 |
published | 2016-07-19 |
reporter | Talos Intelligence |
source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0100 |
title | Oracle OIT IX SDK libvs_pdf FlateDecode Colors Denial of Service Vulnerabiity |
References
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.securityfocus.com/bid/91787
- http://www.securityfocus.com/bid/91787
- http://www.securityfocus.com/bid/91925
- http://www.securityfocus.com/bid/91925
- http://www.securitytracker.com/id/1036370
- http://www.securitytracker.com/id/1036370
- http://www-01.ibm.com/support/docview.wss?uid=swg21988009
- http://www-01.ibm.com/support/docview.wss?uid=swg21988009
- http://www-01.ibm.com/support/docview.wss?uid=swg21988718
- http://www-01.ibm.com/support/docview.wss?uid=swg21988718