CVE-2007-2110

Name of the Vulnerable Software and Affected Versions Oracle Database versions 9.0.1.5 and later, 9.2.0.7, 10.1.0.4

Description The issue concerns an unspecified vulnerability in the Core RDBMS component of Oracle Database. It is reported that this vulnerability may allow local users to inject threads and execute arbitrary code via the OpenProcess, OpenThread, and SetThreadContext functions. This is allegedly due to the RDBMS using a NULL Discretionary Access Control List (DACL) for the Oracle process and certain shared memory sections.

Recommendations For Oracle Database versions 9.0.1.5 and later, 9.2.0.7, 10.1.0.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.