Oracle WebCenter Forms Recognition 'CroScPlt.dll' ActiveX Control Insecure Method Vulnerability
BID:53082
Info
Oracle WebCenter Forms Recognition 'CroScPlt.dll' ActiveX Control Insecure Method Vulnerability
| Bugtraq ID: | 53082 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-1709 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 18 2012 12:00AM |
| Updated: | Nov 07 2012 08:30PM |
| Credit: | Andrea Micalizzi aka rgod via Zero Day Initiative |
| Vulnerable: |
Oracle WebCenter Forms Recognition 10.1.3.5 |
| Not Vulnerable: | |
Discussion
Oracle WebCenter Forms Recognition 'CroScPlt.dll' ActiveX Control Insecure Method Vulnerability
Oracle WebCenter Forms Recognition is prone to a vulnerability caused by an insecure method that affects the 'CroScPlt.dll' ActiveX control.
An attacker can exploit this issue to create or overwrite arbitrary files on the victim's computer within the context of the affected application (typically Internet Explorer) that uses the ActiveX control.
Successfully exploiting this issue will allow attackers to execute arbitrary code in the context of the current user.
This vulnerability affects the following supported versions:
10.1.3.5
Oracle WebCenter Forms Recognition is prone to a vulnerability caused by an insecure method that affects the 'CroScPlt.dll' ActiveX control.
An attacker can exploit this issue to create or overwrite arbitrary files on the victim's computer within the context of the affected application (typically Internet Explorer) that uses the ActiveX control.
Successfully exploiting this issue will allow attackers to execute arbitrary code in the context of the current user.
This vulnerability affects the following supported versions:
10.1.3.5
Exploit / POC
Oracle WebCenter Forms Recognition 'CroScPlt.dll' ActiveX Control Insecure Method Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Oracle WebCenter Forms Recognition 'CroScPlt.dll' ActiveX Control Insecure Method Vulnerability
References:
References: