PT-2012-2144 · Tidestone+1 · Tidestone Formula One Activex Control+1

Rgod

Publicado

2012-09-15

Atualizado

2017-08-29

CVE-2011-5167

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle Hyperion Strategic Finance versions 12.x and earlier

Description A heap-based buffer overflow issue exists in the SetDevNames method of the Tidestone Formula One ActiveX control, allowing remote attackers to execute arbitrary code via a long string to the DriverName parameter.

Recommendations For Oracle Hyperion Strategic Finance versions 12.x and earlier, consider restricting access to the Tidestone Formula One ActiveX control until a patch is available. As a temporary workaround, avoid using long strings for the DriverName parameter to minimize the risk of exploitation.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2011-5167

Produtos afetados

Oracle Hyperion Strategic Finance

Tidestone Formula One Activex Control

PT-2012-2144 · Tidestone+1 · Tidestone Formula One Activex Control+1

CVE-2011-5167

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9