Quest Toad DBA Suite for Oracle ActiveX Control Arbitrary File Overwrite Vulnerability
BID:52920
Info
Quest Toad DBA Suite for Oracle ActiveX Control Arbitrary File Overwrite Vulnerability
| Bugtraq ID: | 52920 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 05 2012 12:00AM |
| Updated: | Apr 05 2012 12:00AM |
| Credit: | retrogod |
| Vulnerable: |
Quest Software Toad DBA Suite for Oracle 0 |
| Not Vulnerable: | |
Discussion
Quest Toad DBA Suite for Oracle ActiveX Control Arbitrary File Overwrite Vulnerability
Quest Toad DBA Suite for Oracle ActiveX control is prone to an arbitrary-file-overwrite vulnerability.
Attackers can overwrite arbitrary files on the victim's computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer).
Quest Toad DBA Suite for Oracle ActiveX control is prone to an arbitrary-file-overwrite vulnerability.
Attackers can overwrite arbitrary files on the victim's computer in the context of the vulnerable application that is using the ActiveX control (typically Internet Explorer).
Exploit / POC
Quest Toad DBA Suite for Oracle ActiveX Control Arbitrary File Overwrite Vulnerability
To exploit this issue, an attacker must entice an unsuspecting user to view a malicious webpage.
To exploit this issue, an attacker must entice an unsuspecting user to view a malicious webpage.
Solution / Fix
Quest Toad DBA Suite for Oracle ActiveX Control Arbitrary File Overwrite Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Quest Toad DBA Suite for Oracle ActiveX Control Arbitrary File Overwrite Vulnerability
References:
References: