CVE-2010-3595

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware versions 10.1.3.4 through 10.1.3.5

Description The issue affects confidentiality and is related to the Import Server in the Oracle Document Capture component. Details about exploitation include the ImportBodyText method in the emsmtp.dll ActiveX control, where attackers may be able to read arbitrary files by providing a full pathname as the first argument.

Recommendations For Oracle Fusion Middleware versions 10.1.3.4 and 10.1.3.5, consider restricting access to the Import Server and the EasyMail ActiveX control until a fix is available. As a temporary workaround, avoid using the ImportBodyText method in the emsmtp.dll control with untrusted input.