Oracle Outside In Technology CVE-2012-1769 Remote Code Execution Vulnerability

http://www.securityfocus.com/bid/54500

Security Info

Bugtraq ID:	54500
Class:	Unknown
CVE:	CVE-2012-1769
Remote:	Yes
Local:	No
Published:	Jul 17 2012 12:00AM
Updated:	Jul 25 2012 07:01PM
Credit:	Oracle
Vulnerable:	Microsoft Office SharePoint Server 2010 SP1 Microsoft Exchange Server 2007 SP3 Microsoft Exchange Server 2007 SP2 Microsoft Exchange Server 2007 SP 1

Not Vulnerable:	Microsoft Exchange Server 2003 SP2 Microsoft Exchange Server 2000 SP3

Security Discussion

Oracle Outside In Technology is prone to a remote code-execution vulnerability.

The 'Outside In Filters' sub component is affected.

An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

This vulnerability affects the following supported versions:
8.3.5, 8.3.7

Proof of Concept and Security Exploits

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Security Solution(s)

Solution:
Vendor updates are available. Please contact the vendor for more information.

Security References(s)

References:

Oracle Homepage (Oracle)

Emagined Security Blog featuring Dr. Eugene Schultz

Secure Web Programming
by Vizual Services