| Short Name | DB:ORACLE:FUSION-XLS-IO |
|---|---|
| Severity | Major |
| Recommended | No |
| Recommended Action | Drop |
| Category | DB |
| Keywords | Oracle Fusion Middleware Outside In Excel File Parsing Integer Overflow |
| Release Date | 2012/09/07 |
| Update Number | 2183 |
| Supported Platforms | idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

An integer overflow vulnerability exists in Oracle Outside In. The vulnerability is due to improper parsing of Excel files. When handling TxO records, the code improperly wraps an integer value, and the resulting integer overflow causes a heap-based buffer overflow. A remote unauthenticated attacker can exploit this vulnerability by causing an application that uses the vulnerable library to handle a malformed Excel file. Depending on the application, user interaction may be required. Successful exploitation can result in arbitrary code execution in the context of the affected application.