CVE-2013-1559

Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 - Authenticated Denial of Service in Content Server

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-1559. PoCs published by Metasploit, including Metasploit module exploits/windows/browser/oracle_webcenter_checkoutandopen.

AI-analyzed exploit summary This Metasploit module exploits a vulnerability in Oracle WebCenter Content's CheckOutAndOpenControl ActiveX via the openWebdav() method, which allows arbitrary HTA execution leading to remote code execution. It delivers a payload through a crafted HTA file and achieves execution via ShellExecuteExW.

Description

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect availability via unknown vectors related to Content Server.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/25979

View Code ZIP pw:eip

This Metasploit module exploits a vulnerability in Oracle WebCenter Content's CheckOutAndOpenControl ActiveX via the openWebdav() method, which allows arbitrary HTA execution leading to remote code execution. It delivers a payload through a crafted HTA file and achieves execution via ShellExecuteExW.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Oracle WebCenter Content 11.1.1.6.0

No auth needed

Prerequisites: Victim must use Internet Explorer with the vulnerable ActiveX control installed · Victim must visit a malicious webpage hosting the exploit

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/oracle_webcenter_checkoutandopen.rb

View Code ZIP pw:eip

This Metasploit module exploits a vulnerability in Oracle WebCenter Content's CheckOutAndOpenControl ActiveX control by abusing the openWebdav() method to execute arbitrary HTA files, leading to remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Oracle WebCenter Content 11.1.1.6.0

No auth needed

Prerequisites: Victim must have the vulnerable ActiveX control installed · Victim must visit a malicious webpage hosting the exploit

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Scores

EPSS 0.5882

EPSS Percentile 99.0%

Details

Status published

Products (2)

oracle/fusion_middleware 10.1.3.5.1

oracle/fusion_middleware 11.1.1.6.0

Published Apr 17, 2013

Tracked Since Feb 18, 2026