PT-2011-1412 · Oracle · Empop3Lib+1

Published: 2011-01-19 · Updated: 2018-10-10 · CVE-2010-3591

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Oracle Fusion Middleware versions 10.1.3.4 through 10.1.3.5

Description

The issue affects confidentiality, integrity, and availability. It is related to Internal Operations in the Oracle Document Capture component. There are claims that remote attackers can overwrite or delete arbitrary files via a full pathname in the second argument to the DownloadSingleMessageToFile method in the EMPOP3Lib ActiveX component (empop3.dll).

Recommendations

For Oracle Fusion Middleware versions 10.1.3.4 and 10.1.3.5, consider restricting access to the EMPOP3Lib ActiveX component (empop3.dll) to minimize the risk of exploitation. As a temporary workaround, avoid using the DownloadSingleMessageToFile method until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
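
One way to carry out the "restrict access" recommendation, as an added example that is not from Oracle or from this advisory: the script looks up which COM classes are served by empop3.dll and reports (or, with -Apply, sets) the Internet Explorer kill bit for them. It assumes the control is reached through Internet Explorer or another host that honours the kill bit; the CLSID is discovered at run time because the advisory does not list it.

```powershell
# Added example, run from an elevated prompt. Only 'empop3.dll' comes from the advisory.
param(
    [string]$DllName = 'empop3.dll',
    [switch]$Apply                      # without -Apply the script only reports
)

$KillBit = 0x400                        # "do not instantiate in Internet Explorer"
# Native and 32-bit-on-64-bit registry views (standard Windows layout).
$views = @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node')

# 1. Find every COM class whose in-process server is the named DLL.
$clsids = foreach ($view in $views) {
    $root = Join-Path $view 'Classes\CLSID'
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($class in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $inproc = Get-Item -LiteralPath (Join-Path $class.PSPath 'InprocServer32') -ErrorAction SilentlyContinue
        if ($inproc -and ($inproc.GetValue('') -match [regex]::Escape($DllName))) {
            $class.PSChildName          # the CLSID, e.g. {xxxxxxxx-...}
        }
    }
}
$clsids = @($clsids | Sort-Object -Unique)
if ($clsids.Count -eq 0) { Write-Output "No COM class registered for $DllName"; return }

# 2. Report, and with -Apply set the kill bit in each registry view.
foreach ($clsid in $clsids) {
    foreach ($view in $views) {
        $compat = Join-Path $view 'Microsoft\Internet Explorer\ActiveX Compatibility'
        if (-not (Test-Path -LiteralPath $compat)) { continue }
        $key   = Join-Path $compat $clsid
        $flags = 0
        if (Test-Path -LiteralPath $key) {
            $flags = [int](Get-Item -LiteralPath $key).GetValue('Compatibility Flags', 0)
        }
        $state = if ($flags -band $KillBit) { 'kill bit set' } else { 'kill bit NOT set' }
        Write-Output "$clsid  [$compat]  $state"
        if ($Apply -and -not ($flags -band $KillBit)) {
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key | Out-Null }
            New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -PropertyType DWord `
                -Value ($flags -bor $KillBit) -Force | Out-Null
        }
    }
}
```

The script covers machine-wide registrations only; a per-user registration under HKCU would need the same check. Applications that legitimately load the control outside the browser are not affected by the kill bit.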

Exploit

Related identifiers

CVE-2010-3591

Affected products

Empop3Lib
Oracle Fusion Middleware