1.5 CVE-2013-5791

Exploit

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is a stack-based buffer overflow in the Microsoft Access 1.x parser in vsacs.dll before 8.4.0.108 and before 8.4.1.52, which allows attackers to execute arbitrary code via a long field (aka column) name.
https://nvd.nist.gov/vuln/detail/CVE-2013-5791

References

BID

63076

CERT-VN

VU#953241 US Government Resource

CONFIRM

http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21660640

EXPLOIT-DB

31222

MISC

http://www.citadelo.com/en/ms13-105-oracle-outside-in-mdb-parsing-vulnerability-cve-2013-5791/

MS

MS13-105

SECTRACK

1029190

SECUNIA

56237
56241
56243

CPE

cpe	start	end
Configuration 1
cpe:2.3:a:oracle:fusion_middleware:8.4:::::::*
cpe:2.3:a:oracle:fusion_middleware:8.4.1:::::::*

REMEDIATION

EXPLOITS

Exploit-db.com

id	description	date
31222	Oracle Outside In MDB - File Parsing Stack Buffer Overflow (PoC)	2014-01-27 00:00:00

Other (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
No entry

MITRE

Sherlock® flash

Take a picture of your computer network in a few clicks !

The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.

Discover this offer

Sherlock® flash: 1st instant cybersecurity audit solution