CVE-2004-1774

Oracle Application Server - Buffer Overflow in MDSYS.MD2.SDO_CODE_SIZE via LAYER Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1774. PoCs published by Esteban Martinez Fayo.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow in Oracle Database's MDSYS.MD2.SDO_CODE_SIZE procedure, allowing arbitrary code execution to create a SYSDBA user or Windows admin. It uses shellcode to execute OS commands via crafted input.

Description

Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Esteban Martinez Fayo · textremotemultiple

https://www.exploit-db.com/exploits/25397

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow in Oracle Database's MDSYS.MD2.SDO_CODE_SIZE procedure, allowing arbitrary code execution to create a SYSDBA user or Windows admin. It uses shellcode to execute OS commands via crafted input.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Oracle Database Server 10.1.0.2

Auth required

Prerequisites: Authenticated access to Oracle Database · Windows 2000 Server SP4 environment

MITRE ATT&CK