CVE ID | |
CVSS SCORE | 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C |
AFFECTED VENDORS |
Oracle |
AFFECTED PRODUCTS |
Business Intelligence |
TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['10779']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com |
VULNERABILITY DETAILS |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Business Intelligence One. Authentication is not required to exploit this vulnerability. The flaw exists within the emagent.exe component which listens by default on TCP port 3938. When handling an HTTP request in oranmemso.dll the function nmehl_getURIParams blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user. |
ADDITIONAL DETAILS |
issue was fixed in Oct 2005 CPU: http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html Researcher credit for this issue was mentioned in the CPU for Jan 2011: |
DISCLOSURE TIMELINE |
|
CREDIT | AbdulAziz Hariri |