Release date:
Updated on:
Affected Systems:
Oracle Outside In Technology
Description:
--------------------------------------------------------------------------------
Oracle Outside In is a set of libraries that can decode more than 500 different file name formats.
Oracle Outside In sccfut. the dll component has a security vulnerability. When an email attachment in OOXML format is opened, the process copies the link tag to the local stack buffer, causing arbitrary code execution at the system level.
<* Source: anonymous
Link: http://www.zerodayinitiative.com/advisories/ZDI-12-017/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Oracle
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.oracle.com/technetwork/topics/security/