Vulnerability Description
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Application Server | 8.2.2 |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798
- http://osvdb.org/53750
- http://secunia.com/advisories/34693
- http://www-01.ibm.com/support/docview.wss?uid=swg21660640
- http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html
- http://www.securityfocus.com/bid/34461
- http://www.securitytracker.com/id?1022055
- http://www.us-cert.gov/cas/techalerts/TA09-105A.htmlUS Government Resource
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798
- http://osvdb.org/53750
- http://secunia.com/advisories/34693
- http://www-01.ibm.com/support/docview.wss?uid=swg21660640
- http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html
- http://www.securityfocus.com/bid/34461
- http://www.securitytracker.com/id?1022055
FAQ
What is CVE-2009-1011?
CVE-2009-1011 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML...
How severe is CVE-2009-1011?
CVE-2009-1011 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1011?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Application Server.