CVE-2007-3855

Oracle Database <10.2.0.3 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-3855. PoCs published by bunker.

AI-analyzed exploit summary This SQL script exploits CVE-2007-3855 in Oracle 9i/10g by creating a malicious view to update a user's password without proper authorization. It demonstrates unauthorized password modification via a view-based attack.

Description

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). NOTE: a reliable researcher claims that DB17 is for using Views to perform unauthorized insert, update, or delete actions.

Exploits (2)

exploitdb WORKING POC VERIFIED
by bunker · localmultiple
https://www.exploit-db.com/exploits/4203

This SQL script exploits CVE-2007-3855 in Oracle 9i/10g by creating a malicious view to update a user's password without proper authorization. It demonstrates unauthorized password modification via a view-based attack.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Oracle 9i/10g
Auth required
Prerequisites: CREATE VIEW privilege · Access to execute SQL commands
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by bunker · localmultiple
https://www.exploit-db.com/exploits/30295

This SQL script exploits CVE-2007-3855 in Oracle 9i/10g by creating a malicious view to update a user's password without proper authorization. It demonstrates an unauthorized password change by leveraging a view-based vulnerability.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Oracle 9i/10g
Auth required
Prerequisites: CREATE VIEW privilege · Access to the target Oracle database
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (17)

Core 17
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26114
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26166
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-200A.html
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2903
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2562
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2635
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35495
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/474326/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35490
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018415
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/473997/100/0/threaded

Scores

EPSS 0.1582
EPSS Percentile 96.5%

Details

Status published
Products (5)
oracle/database_server 9.0.1.5
oracle/database_server 9.2.0.8
oracle/database_server 9.2.0.8dv
oracle/database_server 10.1.0.5
oracle/database_server 10.2.0.3
Published Jul 18, 2007
Tracked Since Feb 18, 2026