CVE-2007-3854

Name of the Vulnerable Software and Affected Versions: Oracle Database versions 9.0.1.5 and later, 9.2.0.7, 10.1.0.5

Description: The issue affects the Oracle Database due to unspecified vulnerabilities in the Advanced Queuing and Spatial components. These vulnerabilities can be exploited by remote authenticated users and may allow for SQL injection via SYS.DBMS PRVTAQIS and a buffer overflow via MDSYS.MD.

Recommendations: For Oracle Database version 9.0.1.5 and later, consider restricting access to the SYS.DBMS PRVTAQIS and MDSYS.MD components until a patch is available. For Oracle Database version 9.2.0.7, restrict access to the SYS.DBMS PRVTAQIS and MDSYS.MD components until a patch is available. For Oracle Database version 10.1.0.5, restrict access to the SYS.DBMS PRVTAQIS and MDSYS.MD components until a patch is available.