Oracle WebCenter Forms Recognition 'Sssplt30.ocx' ActiveX Control Remote Code Execution Vulnerabilty
BID:53062
Info
Oracle WebCenter Forms Recognition 'Sssplt30.ocx' ActiveX Control Remote Code Execution Vulnerabilty
| Bugtraq ID: | 53062 |
| Class: | Unknown |
| CVE: |
CVE-2012-1710 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 18 2012 12:00AM |
| Updated: | Nov 07 2012 06:30PM |
| Credit: | Andrea Micalizzi aka rgod |
| Vulnerable: |
Oracle WebCenter Forms Recognition 10.1.3.5 |
| Not Vulnerable: | |
Discussion
Oracle WebCenter Forms Recognition 'Sssplt30.ocx' ActiveX Control Remote Code Execution Vulnerabilty
Oracle WebCenter Forms Recognition is prone to a remote code-execution vulnerability.
An attacker can exploit the issue to execute arbitrary code in the context of the current user.
Note: This issue was previously titled 'Oracle WebCenter Forms Recognition CVE-2012-1710 Remote Vulnerability'. The title and technical details have been changed to better reflect the underlying component affected.
This vulnerability affects the following supported versions:
10.1.3.5
Oracle WebCenter Forms Recognition is prone to a remote code-execution vulnerability.
An attacker can exploit the issue to execute arbitrary code in the context of the current user.
Note: This issue was previously titled 'Oracle WebCenter Forms Recognition CVE-2012-1710 Remote Vulnerability'. The title and technical details have been changed to better reflect the underlying component affected.
This vulnerability affects the following supported versions:
10.1.3.5
Exploit / POC
Oracle WebCenter Forms Recognition 'Sssplt30.ocx' ActiveX Control Remote Code Execution Vulnerabilty
To exploit this issue, an attacker must entice an unsuspecting user to view a specially crafted webpage.
To exploit this issue, an attacker must entice an unsuspecting user to view a specially crafted webpage.
Solution / Fix
Oracle WebCenter Forms Recognition 'Sssplt30.ocx' ActiveX Control Remote Code Execution Vulnerabilty
Solution:
Vendor updates are available. Please contact the vendor for more information.
Solution:
Vendor updates are available. Please contact the vendor for more information.
References
Oracle WebCenter Forms Recognition 'Sssplt30.ocx' ActiveX Control Remote Code Execution Vulnerabilty
References:
References: