Description
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can read arbitrary files via a full pathname in the first argument to the ImportBodyText method in the EasyMail ActiveX control (emsmtp.dll).
Exploits (1)
exploitdb
WORKING POC
by Alexey Sintsov · textremotewindows
https://www.exploit-db.com/exploits/16056
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64770
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0143
Various Sources x_refsource_misc
http://dsecrg.com/pages/vul/show.php?id=307
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1024981
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/16056
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45849
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42976
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/515957/100/0/threaded
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
Scores
EPSS
0.2881
EPSS Percentile
96.6%
Details
Status
published
Products (2)
oracle/fusion_middleware
10.1.3.4
oracle/fusion_middleware
10.1.3.5
Published
Jan 19, 2011
Tracked Since
Feb 18, 2026