Vulnerability Details : CVE-2011-2264
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows context-dependent attackers to affect confidentiality, integrity, and availability via unknown vectors related to Outside In Filters. NOTE: the previous information was obtained from the July 2011 CPU. Oracle has not commented on claims from a reliable third party that this is a stack-based buffer overflow in the imcdr2.flt library for the CorelDRAW parser.
Vulnerability category: Overflow
Products affected by CVE-2011-2264
- cpe:2.3:a:oracle:fusion_middleware:8.3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware:8.3.2.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2264
4.47%: Probability of exploitation activity in the next 30 days
~88%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-2264
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P | 3.4 | 6.4 | NIST | |
References for CVE-2011-2264
- http://www.us-cert.gov/cas/techalerts/TA11-201A.html
  Oracle Updates for Multiple Vulnerabilities | CISA (US Government Resource)
- http://www.kb.cert.org/vuls/id/103425
  VU#103425 - Oracle Outside In CorelDRAW file parser stack buffer overflow (US Government Resource)
- http://www-01.ibm.com/support/docview.wss?uid=swg21660640
  Security Bulletin: Fix available for security vulnerabilities in Oracle Outside In Technology Code contained in IBM WebSphere Portal
- http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
  Oracle Critical Patch Update - July 2011 (Patch; Vendor Advisory)