Oracle Outside In libraries contain a stack-based buffer overflow within the Microsoft Access 1.x database file parser, which is included in Microsoft Exchange and other software packages. An attacker that specially crafts an Access 1.x database file may send that file to a vulnerable software installation and possibly gain the ability to remotely execute code.
Microsoft, miscellaneous vendors, Oracle
Any software that uses Oracle Outside In libraries, such as the following:
Oracle Fusion Middleware
Remote Code Execution
Exploitation of this vulnerability is possible via specially crafted Microsoft Access 1.x database files. In the case of an attack against Microsoft Exchange, an attacker would specially craft an Access 1.x database file and send it to a vulnerable Exchange server, possibly gaining the ability to arbitrarily execute code.
BeyondTrust Prevention and Detection:
No mitigations are currently available.