| The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them. |
|
 |
|
|
|
vulnerability note CVE-2012-0110
McAfee GroupShield, Symantec Enterprise Vault: code execution via Oracle Outside In
Synthesis of the vulnerability
| An attacker can send a malformed Lotus 123 file to an application using Oracle Outside In module, in order to execute code. |
Severity: 2/4.
Creation date: 19/01/2012.
|
Impacted products
Description of the vulnerability
The Oracle Outside In product offers data conversion features. The McAfee GroupShield and Symantec Enterprise Vault products use Oracle Outside In.
The vswk4.dll (libvs_wk4.so) library of Oracle Outside In decodes files in format Lotus 123 version 4. However, a malformed file corrupts the memory of vswk4.dll.
An attacker can therefore send a malformed Lotus 123 file to an application using Oracle Outside In module, in order to execute code. |
Share this bulletin
Complete Vigil@nce bulletin
Characteristics
Title: McAfee GroupShield, Symantec Enterprise Vault: code execution via Oracle Outside In.
Keywords: 123 Enterprise GroupShield Lotus McAfee Oracle Outside Symantec Vault code execution libvs_wk4 vswk4.
Identifiers: CVE-2012-0110, MAPG-8QKLAG, SYM12-004, TECH182366, VIGILANCE-VUL-11304, VU#738961.
Pointed by: VIGILANCE-VUL-11295.
|
Information sources
Solutions for this vulnerability
Computer vulnerabilities tracking service
Vigil@nce provides software vulnerabilities announces. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The technology watch team tracks security threats targeting the computer system.
|
