CVE-2009-1011

high

Description

Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.

References

http://www.us-cert.gov/cas/techalerts/TA09-105A.html

http://www.securitytracker.com/id?1022055

http://www.securityfocus.com/bid/34461

http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html

http://www-01.ibm.com/support/docview.wss?uid=swg21660640

http://secunia.com/advisories/34693

http://osvdb.org/53750

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798

Details

Source: Mitre, NVD

Published: 2009-04-15

Updated: 2014-01-14

Risk Information

CVSS v2

Base Score: 4.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High