bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/dos/36788.txt
Offensive Security d63de06c7a DB: 2022-11-10 
2776 changes to exploits/shellcodes/ghdb
2022-11-10 16:39:50 +00:00

67 lines
No EOL
2 KiB
Text
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#####################################################################################
Title: Oracle Outside-In DOCX File Parsing Memory Corruption
Platforms: Windows
CVE:
Secunia:
{PRL}: 2015-04
Author: Francis Provencher (Protek Research Labs)
Website: http://www.protekresearchlab.com/
Twitter: @ProtekResearch
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#####################################################################################
===============
1) Introduction
===============
Oracle Outside In Technology provides software developers with a comprehensive solution to access, transform, and control the contents of over 500 unstructured file formats. From the latest office suites, such as Microsoft Office 2007, to specialty formats and legacy files, Outside In Technology provides software developers with the tools to transform unstructured files into controllable information.
(http://www.oracle.com/us/technologies/embedded/025613.htm)
#####################################################################################
============================
2) Report Timeline
============================
2015-02-17: Francis Provencher from Protek Research Labs found the issue;
2015-02-18: Oracle Security Alerts confirmed the issue;
2015-04-15: Oracle release a Patch for this issue.
#####################################################################################
============================
3) Technical details
============================
The vulnerability is caused due to a certain value in a document, which can be exploited to corrupt memory via a specially crafted document.
Successful exploitation may allow execution of arbitrary code.
#####################################################################################
===========
4) POC
===========
http://protekresearchlab.com/exploits/PRL-2015-04.docx
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/36788.docx
Reference in a new issue View git blame Copy permalink