Oracle Outside In PDF 8.5.2 - Parsing Memory Corruption Vulnerability 2

2015.11.24
Risk: High
Local: Yes
Remote: No
CWE: CWE-noinfo


CVSS Base Score: 1.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 2.7/10
Exploit range: Local
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

##################################################################################### Application: Oracle Outside In Platforms: Windows Versions: 8.5.2 CVE: CVE-2015-4877 Author: Francis Provencher of COSIG Twitter: @COSIG_ ##################################################################################### 1) Introduction 2) Report Timeline 3) Technical details 4) POC ##################################################################################### =============== 1) Introduction =============== Oracle Outside In Technology provides software developers with a comprehensive solution to access, transform, and control the contents of over 500 unstructured file formats. From the latest office suites, such as Microsoft Office 2007, to specialty formats and legacy files, Outside In Technology provides software developers with the tools to transform unstructured files into controllable information. (http://www.oracle.com/us/technologies/embedded/025613.htm) ##################################################################################### ============================ 2) Report Timeline ============================ 2015-06-09: Francis Provencher of COSIG found the issue; 2015-06-11: Francis Provencher of COSIG report vulnerability to Oracle SA; 2015-10-18: Oracle release a patch for this issue; ##################################################################################### ============================ 3) Technical details ============================ An heap memory corruption occured when Outside In decode (DCTDecode) a PDF with a JPEG that have an invalid “Heigth” value. Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires tricking a user into opening or previewing a malicious file. ##################################################################################### =========== 4) POC =========== http://protekresearchlab.com/exploits/COSIG-2015-002.pdf ###############################################################################

References:

http://protekresearchlab.com/exploits/COSIG-2015-002.pdf


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top