Symantec Enterprise Vault < 10.0.2 Multiple Vulnerabilities in Oracle Outside-In Libraries (SYM12-015)

Medium Nessus Plugin ID 62458


An archiving application installed on the remote host has multiple vulnerabilities.


The version of Symantec Enterprise Vault installed on the remote host uses a version of the Oracle Outside-In libraries that contains multiple vulnerabilities. A remote attacker could send an email with a malicious attachment to be downloaded and stored in a user's mail box until processed for archiving thus potentially resulting in a denial of service in the application or allow arbitrary code execution.


Upgrade to Symantec Enterprise Vault version 10.0.2 or later.

See Also

Plugin Details

Severity: Medium

ID: 62458

File Name: symantec_enterprise_vault_sym12-015.nasl

Version: $Revision: 1.12 $

Type: local

Agent: windows

Family: Windows

Published: 2012/10/09

Modified: 2016/05/19

Dependencies: 56412

Risk Information

Risk Factor: Medium


Base Score: 6

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: x-cpe:/a:symantec:enterprise_vault

Required KB Items: SMB/enterprise_vault/path, SMB/enterprise_vault/ver

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/09/28

Vulnerability Publication Date: 2012/04/20

Exploitable With

ExploitHub (EH-12-497)

Reference Information

CVE: CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, CVE-2012-3110

BID: 54497, 54500, 54504, 54506, 54511, 54531, 54536, 54541, 54543, 54546, 54548, 54550, 54554

OSVDB: 83900, 83901, 83902, 83903, 83904, 83905, 83906, 83907, 83908, 83909, 83910, 83911, 83944

CERT: 118913