CVE-2009-1011 Information
Description
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality integrity and availability related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file leading to a heap-based buffer overflow.
Reference
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798 http://osvdb.org/53750 http://secunia.com/advisories/34693 http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html http://www.securityfocus.com/bid/34461 http://www.securitytracker.com/id?1022055 http://www.us-cert.gov/cas/techalerts/TA09-105A.html http://www-01.ibm.com/support/docview.wss?uid=swg21660640
Share on: