BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Oracle Outside In Microsoft Access Remote Code Execution

Disclosed October 15, 2013    Partially Patched

Vulnerability Description:

Oracle Outside In libraries contain a stack-based buffer overflow within the Microsoft Access 1.x database file parser, which is included in Microsoft Exchange and other software packages. An attacker that specially crafts an Access 1.x database file may send that file to a vulnerable software installation and possibly gain the ability to remotely execute code.

Vendors:

Microsoft, miscellaneous vendors, Oracle

Vulnerable Software/Devices:

Any software that uses Oracle Outside In libraries, such as the following:
Microsoft Exchange
Oracle Fusion Middleware
Novell Groupwise

Vulnerability Severity:

High

Exploit Availability:

Publicly Available

Exploit Impact:

Remote Code Execution
Exploitation of this vulnerability is possible via specially crafted Microsoft Access 1.x database files. In the case of an attack against Microsoft Exchange, an attacker would specially craft an Access 1.x database file and send it to a vulnerable Exchange server, possibly gaining the ability to arbitrarily execute code.

BeyondTrust Prevention and Detection:

 

Mitigation:

No mitigations are currently available. 

Links:

CVE(s):