HTTP: Oracle Document Capture EasyMail ActiveX Control Information Disclosure
This signatured detects attempts to exploit a known information disclosure vulnerability in the EasyMail ActiveX control included with Oracle Document Capture. It is due to improper validation of user input within the ImportBodyTextEx(), ImportBodyText() and ImportBodyTextAlternative() methods, allowing an attacker to read any file in the affected system. Remote unauthenticated attackers can exploit this by enticing target users to visit a malicious Web page.
Extended Description
Oracle Document Capture is prone to a remote information disclosure vulnerability. The vulnerability affects the EasyMail ActiveX Control and can be exploited to retrieve the contents of arbitrary files. This vulnerability affects the following supported versions: 10.1.3.4, 10.1.3.5
Affected Products
Oracle document_capture
Short Name
HTTP:STC:ACTIVEX:EASYMAIL-LEAK
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2010-3595 Capture Control Disclosure Document EasyMail Information Oracle bid:45849
Release Date
02/09/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Oracle
CVSS Score
7.8