Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0418

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2013-0418
Last Modified 13 Jan 2014 11:22:34
Published 16 Jan 2013 08:55:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-0418

Summary

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information was obtained from the January 2013 CPU. Oracle has not commented on claims from an independent researcher that this is a heap-based buffer overflow in the Paradox database stream filter (vspdx.dll) that can be triggered using a table header with a crafted "number of fields" value.

Vulnerable Systems

Application

  • Microsoft Exchange Server 2007

  • Microsoft Exchange Server 2010

  • Oracle Fusion Middleware 8.3.7.0

  • Oracle Fusion Middleware 8.4


References

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

BUGTRAQ - 20130117 Secunia Research: Oracle Outside In Technology Paradox Database Handling Buffer Overflow

MS - MS13-012

CERT - TA13-043B

MANDRIVA - MDVSA-2013:150

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21660640

Related Patches

MS13-012 Update Rollup 6 for Exchange Server 2010 Service Pack 2 (KB2746164)

MS13-012 Update Rollup 10 for Exchange Server 2007 SP 3 (KB2788321)


Last Updated: 27 May 2016 10:36:58