DB: Oracle Fusion Middleware Outside In Excel File Parsing Integer Overflow

An integer overflow vulnerability exists in Oracle Outside In. The vulnerability is due to improper parsing of Excel files. When handling TxO records, the code improperly wraps an integer value. The resulting integer overflow causes a heap-based buffer overflow. A remote unauthenticated attacker can exploit this vulnerability by causing an application that uses the vulnerable library to handle a malformed Excel file. Depending on the application, user interaction may be required. Successful exploitation can result in arbitrary code execution in the context of the affected application.

Short Name: DB:ORACLE:FUSION-XLS-IO
Severity: Major
Recommended: False
Recommended Action: Drop
Category: DB
Keywords: Excel File Fusion In Integer Middleware Oracle Outside Overflow Parsing
Release Date: 09/07/2012
Supported Platforms:
    srx-branch-12.3
    srx-19.3
    srx-branch-19.3
    vsrx3bsd-19.2
    srx-branch-19.4
    vsrx-19.4
    mx-12.3
    mx-19.4
    vmx-19.4
    mx-19.3
    vsrx3bsd-19.4
    srx-19.4
    vsrx-12.3
    vmx-19.3
    vsrx-19.2
    srx-12.3
Sigpack Version: 3686
False Positive: Unknown
