CVE-2015-2572

Oracle Hyperion <11.1.2.5.216 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2572. PoCs published by sajith.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in Oracle Hyperion Smart View for Office by injecting a large string (50,000 'A's) into the 'Shared Connections URL' field, causing the application to crash. The PoC includes a Python script to generate the payload and debugger output confirming the crash.

Description

Unspecified vulnerability in the Oracle Hyperion Smart View for Office component in Oracle Hyperion 11.1.2.5.216 and earlier, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.

Exploits (1)

exploitdb WORKING POC

by sajith · textdoswindows

https://www.exploit-db.com/exploits/36783

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow vulnerability in Oracle Hyperion Smart View for Office by injecting a large string (50,000 'A's) into the 'Shared Connections URL' field, causing the application to crash. The PoC includes a Python script to generate the payload and debugger output confirming the crash.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Oracle Hyperion Smart View for Office Fusion Edition 11.1.2.3.000 Build 157

No auth needed

Prerequisites: Oracle Hyperion Smart View for Office installed · Microsoft Excel 2010 or other integrated Office products

MITRE ATT&CK