PT-2013-2316 · Microsoft, Oracle · Exchange Server, Oracle Fusion Middleware
Published 2013-01-16 · Updated 2018-10-12
CVE-2013-0418
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Oracle Fusion Middleware, Oracle Outside In Technology component (the Outside In Filters), versions 8.3.7 through 8.4
Microsoft Exchange Server (specific versions are not listed on this page; any build whose WebReady Document Viewing feature uses the affected Outside In filters)
Description
A memory-safety flaw in the Oracle Outside In filters allows a remote attacker to cause a denial of service or execute arbitrary code. Third-party details describe a heap-based buffer overflow in the Paradox database stream filter: the table header carries a "number of fields" value that the filter uses without adequate validation, so a crafted value makes the filter write past the buffer it allocated for the table's field descriptors. The same Outside In filters are embedded in Microsoft Exchange Server's WebReady Document Viewing feature, so the bug is reachable on Exchange through Outlook Web Access: if a user opens a crafted attachment in the browser via WebReady, the file is parsed by the transcoding service on the server and code executes there as the LocalService account. Exploitation requires the victim to view the file (the AC:M in the vector); the server, not the user's workstation, is what gets compromised.
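The bug class above, as an added illustration that is not Oracle's or Microsoft's code: a table-header parser that trusts a "number of fields" count, next to a hardened version that bounds the count against the destination array and against the bytes actually present. The on-disk layout (2-byte magic, 2-byte little-endian field count, then 2-byte field descriptors, at most 255 fields) is a simplified hypothetical stand-in for the Paradox header, not the real format, and the sample headers are constructed.

```c
/* Hypothetical toy table format, standing in for a Paradox-style header.
 * Not the real Paradox layout and not the Outside In parser. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_FIELDS 255   /* assumed hard limit of the toy format */
#define HDR_LEN    4     /* magic "PX" (2) + num_fields (2, little-endian) */
#define DESC_LEN   2     /* type (1) + size (1) per field descriptor */

typedef struct { uint8_t type; uint8_t size; } field_desc;

typedef struct {
    uint16_t   num_fields;
    field_desc fields[MAX_FIELDS];   /* fixed capacity, lives on the heap */
} table;

typedef int (*parser_fn)(const uint8_t *, size_t, table **);

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Vulnerable: copies num_fields descriptors into a 255-slot array with no
 * bound check. A header claiming 0xFFFF fields overruns the heap allocation
 * (and also reads far past the end of the input buffer). */
int parse_vulnerable(const uint8_t *buf, size_t len, table **out)
{
    if (len < HDR_LEN || buf[0] != 'P' || buf[1] != 'X') return -1;
    table *t = calloc(1, sizeof *t);
    if (!t) return -1;
    t->num_fields = rd16(buf + 2);                     /* attacker-controlled */
    const uint8_t *p = buf + HDR_LEN;
    for (uint16_t i = 0; i < t->num_fields; i++) {     /* overflow when > 255 */
        t->fields[i].type = p[i * DESC_LEN];
        t->fields[i].size = p[i * DESC_LEN + 1];
    }
    *out = t;
    return 0;
}

/* Hardened: validate the count against the array capacity and against the
 * input length before allocating or copying anything. */
int parse_safe(const uint8_t *buf, size_t len, table **out)
{
    if (len < HDR_LEN || buf[0] != 'P' || buf[1] != 'X') return -1;  /* bad header */
    uint16_t n = rd16(buf + 2);
    if (n > MAX_FIELDS) return -2;                        /* count exceeds capacity */
    if (len - HDR_LEN < (size_t)n * DESC_LEN) return -3;  /* descriptors truncated */
    table *t = calloc(1, sizeof *t);
    if (!t) return -1;
    t->num_fields = n;
    memcpy(t->fields, buf + HDR_LEN, (size_t)n * DESC_LEN);
    *out = t;
    return 0;
}

/* Runs a parser and returns the field count it accepted, or the parser's
 * negative error code. */
int field_count(parser_fn parse, const uint8_t *buf, size_t len)
{
    table *t = NULL;
    int rc = parse(buf, len, &t);
    if (rc != 0) return rc;
    int n = t->num_fields;
    free(t);
    return n;
}

/* Constructed sample headers, not real files. */
static const uint8_t benign_hdr[]    = { 'P', 'X', 2, 0, 'A', 10, 'N', 4 }; /* 2 fields */
static const uint8_t crafted_hdr[]   = { 'P', 'X', 0xFF, 0xFF };            /* claims 65535 */
static const uint8_t truncated_hdr[] = { 'P', 'X', 3, 0, 'A', 10 };         /* claims 3, has 1 */

int main(void)
{
    printf("safe/benign    -> %d\n", field_count(parse_safe, benign_hdr, sizeof benign_hdr));
    printf("safe/crafted   -> %d\n", field_count(parse_safe, crafted_hdr, sizeof crafted_hdr));
    printf("safe/truncated -> %d\n", field_count(parse_safe, truncated_hdr, sizeof truncated_hdr));
    /* parse_vulnerable on crafted_hdr is deliberately not called: it is
     * undefined behaviour and corrupts the heap (visible under AddressSanitizer). */
    return 0;
}
```

Build with `-fsanitize=address` and call `parse_vulnerable` on `crafted_hdr` to watch the heap-buffer-overflow report; the safe parser rejects the same input with a clean error before any allocation happens.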
Recommendations
Apply the vendor updates. The Outside In fixes shipped with Oracle's Critical Patch Update of January 2013 (the publication date above); Microsoft later delivered the corrected Outside In libraries through an Exchange Server security update, so keep Exchange at the current update level.
For Oracle Fusion Middleware 8.3.7 through 8.4 where the update cannot be applied yet, disable the Outside In Filters or at least the Paradox database stream filter, so that untrusted input never reaches the affected parser.
For Microsoft Exchange Server, the exposure is the WebReady Document Viewing feature of Outlook Web Access: switching it off on the OWA virtual directories (it is configured per virtual directory with Set-OwaVirtualDirectory in the Exchange Management Shell) removes the attack surface at the cost of in-browser attachment previews. Advising users to avoid "specially crafted" files is not a mitigation, since a malicious attachment is indistinguishable from a legitimate one; rely on the update or on disabling the feature.
This page does not list fixed product versions.
Related identifiers
CVE-2013-0418
Affected products
Exchange Server
Oracle Fusion Middleware