CVE-2013-5791

Oracle Fusion Middleware 8.4.0-8.4.1 - Denial of Service in Outside In Filters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-5791. PoCs published by Citadelo.

AI-analyzed exploit summary This exploit is a proof-of-concept for a stack-based buffer overflow vulnerability in Oracle Outside In MDB file parsing. It triggers an access violation by providing a malformed MDB file, leading to a crash in the `VwStreamTell` function.

Description

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is a stack-based buffer overflow in the Microsoft Access 1.x parser in vsacs.dll before 8.4.0.108 and before 8.4.1.52, which allows attackers to execute arbitrary code via a long field (aka column) name.

Exploits (1)

exploitdb WORKING POC

by Citadelo · pythondoswindows

https://www.exploit-db.com/exploits/31222

View Code ZIP pw:eip

This exploit is a proof-of-concept for a stack-based buffer overflow vulnerability in Oracle Outside In MDB file parsing. It triggers an access violation by providing a malformed MDB file, leading to a crash in the `VwStreamTell` function.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Oracle Outside In <= 8.4.1.52 and < 8.4.0.108

No auth needed

Prerequisites: Target system must have vulnerable Oracle Outside In installed

MITRE ATT&CK