4.4

CVE-2009-1011

Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML.  NOTE: the previous information was obtained from the April 2009 CPU.  Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleApplication Server Version8.2.2
OracleApplication Server Version8.3.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.345
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/34693
http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html
http://www.securityfocus.com/bid/34461
http://www.us-cert.gov/cas/techalerts/TA09-105A.html
US Government Resource
http://www.securitytracker.com/id?1022055
http://www-01.ibm.com/support/docview.wss?uid=swg21660640
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798
http://osvdb.org/53750