CVE-2010-3595

Oracle Fusion Middleware <10.1.3.5 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3595. PoCs published by Alexey Sintsov.

AI-analyzed exploit summary This exploit leverages an insecure READ method in the EasyMail ActiveX Control (emsmtp.dll) included in Oracle Document Capture. The vulnerable method 'ImportBodyText()' allows reading any file on the target system, exposing sensitive information.

Description

Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can read arbitrary files via a full pathname in the first argument to the ImportBodyText method in the EasyMail ActiveX control (emsmtp.dll).

Exploits (1)

exploitdb WORKING POC

by Alexey Sintsov · textremotewindows

https://www.exploit-db.com/exploits/16056

View Code ZIP pw:eip

This exploit leverages an insecure READ method in the EasyMail ActiveX Control (emsmtp.dll) included in Oracle Document Capture. The vulnerable method 'ImportBodyText()' allows reading any file on the target system, exposing sensitive information.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Oracle Document Capture 10.1350.0005

No auth needed

Prerequisites: Target system must have Oracle Document Capture installed · ActiveX controls must be enabled in the browser

MITRE ATT&CK