PT-2004-2676 · Oracle · Oracle
Published: 2004-08-31 · Updated: 2017-07-11 · CVE-2004-1774
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Oracle versions prior to 10.1.0.2 Patch 2
Description
A buffer overflow exists in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) that allows local users to execute arbitrary code via a long LAYER parameter.
Recommendations
For versions prior to 10.1.0.2 Patch 2, apply Patch 2 to resolve the issue. As a temporary workaround, consider restricting access to the SDO_CODE_SIZE procedure to minimize the risk of exploitation. Avoid using long values for the LAYER parameter in the affected procedure until the issue is resolved.
Affected Products
Oracle