CVE-2010-3599

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware versions 10.1.3.4 through 10.1.3.5

Description The issue affects the integrity and availability of the system, related to the Import Server in the Oracle Document Capture component. It is claimed that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control.

Recommendations For Oracle Fusion Middleware versions 10.1.3.4 and 10.1.3.5, consider restricting access to the Import Server and the NCSECWLib ActiveX control to minimize the risk of exploitation. As a temporary workaround, consider disabling the WriteJPG method in the NCSECWLib ActiveX control until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.