Description
Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515, CVE-2007-5509, or CVE-2007-5505, but there are insufficient details to be sure.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/40081
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26243
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/482918/100/100/threaded
Scores
EPSS
0.0370
EPSS Percentile
88.5%
Details
CWE
CWE-119
Status
published
Products (10)
oracle/database_server
oracle/database_server
9.2.0.1
oracle/database_server
9.2.0.2
oracle/database_server
9.2.0.3
oracle/database_server
9.2.0.4
oracle/database_server
9.2.0.5
oracle/database_server
9.2.0.6
oracle/database_server
10.1.0.2
oracle/database_server
10.1.0.3
oracle/database_server
10.1.0.4
Published
Nov 08, 2007
Tracked Since
Feb 18, 2026