CVE-2012-1675

Name of the Vulnerable Software and Affected Versions Oracle Database versions 10.2.0.3 through 10.2.0.5 Oracle Database versions 11.1.0.7 through 11.2.0.3

Description The issue allows remote attackers to execute arbitrary database commands. This can be achieved by performing a remote registration of a database instance or service name that already exists, and then conducting a man-in-the-middle attack to hijack database connections.

Recommendations For Oracle Database versions 10.2.0.3 through 10.2.0.5, update to a version that is not affected by this issue. For Oracle Database versions 11.1.0.7 through 11.2.0.3, update to a version that is not affected by this issue.