Oracle Forms Recognition Multiple ActiveX Control Arbitrary File Overwrite Vulnerabilities

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple file overwrite vulnerabilities.

Description :

The remote host has an unpatched version of Oracle Forms Recognition
installed that ships multiple vulnerable ActiveX controls. Flaws in
the 'Save()' method of the 'CroScPlt' control and in the
'saveLayout()' method of the 'Sssplt30' control can be exploited to
overwrite arbitrary files on the system. These vulnerabilities may be
further leveraged to execute arbitrary code on the system.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-12-074/
http://www.zerodayinitiative.com/advisories/ZDI-12-073/
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html

Solution :

Apply Oracle Patch 13882540.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 62820

Bugtraq ID: 53062, 53082

CVE ID: CVE-2012-1709, CVE-2012-1710