CVE-2010-3599

Oracle Fusion Middleware <10.1.3.5 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3599. PoCs published by Alexandr Polyakov.

AI-analyzed exploit summary The exploit demonstrates an insecure method in the NCSECWLib ActiveX control component of Oracle Document Capture, allowing file overwrite and buffer overflow via the WriteJPG method. It includes two examples: one for overwriting files and another for triggering a buffer overflow.

Description

Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can overwrite arbitrary files and execute arbitrary code via a full pathname in the first argument to the WriteJPG method in the NCSECWLib ActiveX control.

Exploits (1)

exploitdb WORKING POC

by Alexandr Polyakov · textremotewindows

https://www.exploit-db.com/exploits/16052

View Code ZIP pw:eip

The exploit demonstrates an insecure method in the NCSECWLib ActiveX control component of Oracle Document Capture, allowing file overwrite and buffer overflow via the WriteJPG method. It includes two examples: one for overwriting files and another for triggering a buffer overflow.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Oracle Document Capture 10.1.3.5

No auth needed

Prerequisites: Victim must visit a malicious webpage · ActiveX control must be installed and enabled

MITRE ATT&CK