PT-2012-3435 · Oracle · Oracle Database

Joxean Koret

Published

2012-05-08

Updated

2025-09-13

CVE-2012-1675

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Oracle Database versions 10.2.0.3 through 10.2.0.5 Oracle Database versions 11.1.0.7 through 11.2.0.3

Description The issue allows remote attackers to execute arbitrary database commands. This can be achieved by performing a remote registration of a database instance or service name that already exists, and then conducting a man-in-the-middle attack to hijack database connections.

Recommendations For Oracle Database versions 10.2.0.3 through 10.2.0.5, update to a version that is not affected by this issue. For Oracle Database versions 11.1.0.7 through 11.2.0.3, update to a version that is not affected by this issue.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2012-1675

ORACLETNSPOISONCHECK

Affected Products

Oracle Database

PT-2012-3435 · Oracle · Oracle Database

CVE-2012-1675

Weakness Enumeration

Related Identifiers

Affected Products

References · 15