CVE-2011-5167
Oracle Hyperion Strategic Finance < 12.0 - Remote Code Execution via ActiveX SetDevNames
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-5167. PoCs published by rgod.
AI-analyzed exploit summary
This exploit targets a heap overflow vulnerability in Oracle Hyperion Strategic Finance Client 12.x via the Tidestone Formula One WorkBook OLE Control (TTF16.ocx). It uses heap spraying to achieve remote code execution by triggering the SetDevNames() method with maliciously crafted input.
Description
Heap-based buffer overflow in the SetDevNames method of the Tidestone Formula One ActiveX control (TTF16.ocx) 6.3.5 Build 1 in Oracle Hyperion Strategic Finance 12.x and possibly earlier allows remote attackers to execute arbitrary code via a long string to the DriverName parameter.