Published: 31/08/2004 Updated: 11/07/2017

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g prior to 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle application server 10.1.0.2
oracle oracle10g enterprise_10.1.0.2
oracle oracle10g personal_10.1.0.2
oracle oracle10g standard_10.1.0.2

source: wwwsecurityfocuscom/bid/13145/info Oracle Database is reported prone to a buffer overflow vulnerability Reportedly this issue affects the 'MDSYSMD2SDO_CODE_SIZE' procedure An attacker can supply excessive data to an affected routine resulting in overflowing a destination buffer This issue can be leveraged to execute arbitrar ...

NVD-CWE-Other http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/025984.html http://www.appsecinc.com/resources/alerts/oracle/2004-0001/http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf http://www.securiteam.com/securitynews/5CP010KE0W.html http://www.frsirt.com/exploits/20050413.OracleExploit.sql.php http://www.securityfocus.com/bid/13145 https://exchange.xforce.ibmcloud.com/vulnerabilities/20078 https://nvd.nist.gov https://www.exploit-db.com/exploits/25397/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-1774

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect