Oracle WebCenter Content CVE-2013-1559 Remote Code Execution Vulnerability
BID:59122
Info
Oracle WebCenter Content CVE-2013-1559 Remote Code Execution Vulnerability
| Bugtraq ID: | 59122 |
| Class: | Unknown |
| CVE: |
CVE-2013-1559 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 16 2013 12:00AM |
| Updated: | Aug 12 2013 01:06PM |
| Credit: | Andrea Micalizzi aka rgod |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Oracle WebCenter Content CVE-2013-1559 Remote Code Execution Vulnerability
Oracle WebCenter Content is prone to a remote code-execution vulnerability.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions.
This vulnerability affects the following supported versions:
10.1.3.5.1, 11.1.1.6.0
Oracle WebCenter Content is prone to a remote code-execution vulnerability.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions.
This vulnerability affects the following supported versions:
10.1.3.5.1, 11.1.1.6.0
Exploit / POC
Oracle WebCenter Content CVE-2013-1559 Remote Code Execution Vulnerability
The following exploit is available:
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product.
The following exploit is available:
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product.
Solution / Fix
Oracle WebCenter Content CVE-2013-1559 Remote Code Execution Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Oracle WebCenter Content CVE-2013-1559 Remote Code Execution Vulnerability
References:
References:
- Oracle Homepage (Oracle)