Check Point Reference: | CPAI-2009-306 |
Date Published: | 4 Dec 2009 |
Severity: | High |
Last Updated: | Thursday 01 January, 2009 |
Source: | Secunia Advisory: SA37269 |
Industry Reference: | N/A |
Protection Provided by: | |
Who is Vulnerable? | Oracle Document Capture 10.1.3.5.0; QuikSoft Corp EasyMail prior to 6.5 |
Vulnerability Description | A stack buffer overflow vulnerability exists in Oracle Document Capture, which is integrated with Oracle Imaging and Process Management and Oracle Universal Content Management products. The vulnerability is due to a boundary error when parsing a crafted argument passed to the EasyMail SMTP ActiveX component. Remote attackers can exploit this vulnerability by convincing target users to visit a malicious web page. Successful exploitation could lead to arbitrary code execution on the target system. |
Update/Patch Available | At the time of writing this advisory, the vendor has not released an advisory or patch addressing this vulnerability. |
Vulnerability Details | The vulnerability exists in the ActiveX control emsmtp.dll. The length of the value assigned to one of its parameters is not validated before being copied into a stack-based buffer of fixed size. |
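
The pattern described under Vulnerability Details, shown next to a length-checked form, as an added example in C. It is not code from emsmtp.dll or from either vendor; the function names, the `smtp_settings` struct and the 64-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define HOST_BUF_LEN 64 /* assumed size; the advisory states none */
enum { SET_OK = 0, SET_ERR_NULL = -1, SET_ERR_TOO_LONG = -2 };
struct smtp_settings { char host[HOST_BUF_LEN]; }; /* hypothetical */

/* Pattern the advisory describes: a caller-supplied string copied into a
 * fixed-size stack buffer with no length check. Kept for contrast only. */
int set_host_unchecked(struct smtp_settings *s, const char *value)
{
    char local[HOST_BUF_LEN];
    strcpy(local, value);   /* overruns local[] when value needs > 64 bytes */
    strcpy(s->host, local);
    return SET_OK;
}

/* Length of s, scanning at most max bytes; returning max means that no
 * terminator was found inside the limit. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0') n++;
    return n;
}

/* Hardened form: measure first, reject oversize input, then copy. */
int set_host_checked(struct smtp_settings *s, const char *value)
{
    char local[HOST_BUF_LEN];
    size_t n;
    if (s == NULL || value == NULL)
        return SET_ERR_NULL;
    n = bounded_len(value, sizeof local);
    if (n >= sizeof local)
        return SET_ERR_TOO_LONG;   /* fail closed rather than truncate */
    memcpy(local, value, n + 1);   /* n + 1 <= sizeof local */
    memcpy(s->host, local, n + 1);
    return SET_OK;
}

int main(void)
{
    struct smtp_settings s = { "" };
    char big[256];                 /* constructed oversize input */
    memset(big, 'A', sizeof big);
    big[sizeof big - 1] = '\0';
    printf("short=%d oversize=%d\n", set_host_checked(&s, "mail.example.test"), set_host_checked(&s, big));
    return 0;
}
```

Rejecting the value instead of silently truncating it keeps the caller from continuing with a setting it did not supply.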