6.5
CVSSv2

CVE-2008-2607

Published: 15/07/2008 Updated: 23/10/2012
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_AQELM. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a buffer overflow that allows malicious users to cause a denial of service (database corruption) and possibly execute arbitrary code via a long argument to an unspecified procedure.

Affected Products

Vendor Product Versions
OracleAdvanced Queuing Component*
OracleDatabase 9i9.2.0.8
OracleDatabase Server10.1.0.5, 10.2.0.4, 11.1.0.6