CVE-2008-0339

Oracle Database <=10.2.0.3 XML DB - Unspecified Remote Vulnerability

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0339. PoCs published by sh2kerr.

AI-analyzed exploit summary: This exploit demonstrates a buffer overflow vulnerability in Oracle 10g R1 via the xDb.XDB_PITRIG_PKG.PITRIG_TRUNCATE function. It constructs an oversized buffer and passes it to the vulnerable function, causing a crash.

Description

Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01.

Exploits (1)

exploitdb WORKING POC VERIFIED
by sh2kerr · remote · multiple
https://www.exploit-db.com/exploits/31010

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Oracle Database 10g R1 (10.1.0.2.0)
Auth required
Prerequisites: Access to an Oracle database with privileges to execute the vulnerable function
devstral-2 · analyzed Feb 18, 2026

References (9)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1019218
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27229
Patch, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-017A.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0150
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0180
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=120058413923005&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28556
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28518

Scores

EPSS 0.1453
EPSS Percentile 96.2%

Details

Status published
Products (3)
oracle/database_server 9.2.0.8dv
oracle/database_server 10.1.0.5
oracle/database_server 10.2.0.3
Published Jan 17, 2008
Tracked Since Feb 18, 2026