Oracle Outside In Technology Paradox Database Stream Filter Vulnerabilities
Release Date: 2013-01-16
Criticality level: Highly critical
Where: From remote
Solution Status: Vendor Patch
Software: Oracle Outside In Technology 8.x
Secunia Research has discovered two vulnerabilities in Oracle Outside In Technology, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
1) An error in the Paradox database stream filter (vspdx.dll) when processing the field type within a field description array can be exploited to reference unallocated memory via an unsupported type value (e.g. 14).
2) An error in the Paradox database stream filter (vspdx.dll) when processing the field names can be exploited to cause a heap-based buffer overflow via a specially crafted "number of fields" value in the table header.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
The vulnerabilities are confirmed in version 8.3.7 (w/ patch 14153713). Other versions may also be affected.
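Both issues come from using values read from the file (a field type, a field count) before checking them. The following is an added defensive illustration, not Oracle's code and not part of the original advisory; the header layout, the `parse_fields` function, the limits and the type table are hypothetical simplifications, not the real Paradox format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical simplified layout (NOT the real Paradox header):
 *   bytes 0-1            field count, little-endian
 *   next 2*count bytes   field description array: {type, size} pairs
 *   then                 count NUL-terminated field names            */
#define MAX_FIELDS   255
#define MAX_NAME_LEN 25

/* Assumed table of supported types; index 0 and any gap is unsupported. */
static const char *const type_names[] = {
    NULL, "alpha", "date", "short", "long", "currency", "number"
};
#define N_TYPES (sizeof type_names / sizeof type_names[0])
typedef struct { uint8_t type, size; char name[MAX_NAME_LEN + 1]; } field_t;

/* Returns the field count on success, -1 on malformed input.
 * *out is sized from the validated count; the caller frees it. */
int parse_fields(const uint8_t *buf, size_t len, field_t **out)
{
    *out = NULL;
    if (len < 2) return -1;
    size_t count = (size_t)buf[0] | ((size_t)buf[1] << 8);
    /* Issue 2 class: bound the count before it sizes or drives any copy. */
    if (count == 0 || count > MAX_FIELDS || 2 * count > len - 2) return -1;
    field_t *f = calloc(count, sizeof *f);
    if (!f) return -1;
    const uint8_t *desc = buf + 2;
    const uint8_t *p = desc + 2 * count, *end = buf + len;
    for (size_t i = 0; i < count; i++) {
        uint8_t type = desc[2 * i];
        /* Issue 1 class: reject a type outside the table before indexing. */
        if (type >= N_TYPES || type_names[type] == NULL) goto bad;
        const uint8_t *nul = memchr(p, 0, (size_t)(end - p));
        if (!nul || (size_t)(nul - p) > MAX_NAME_LEN) goto bad;
        f[i].type = type;
        f[i].size = desc[2 * i + 1];
        memcpy(f[i].name, p, (size_t)(nul - p) + 1);
        p = nul + 1;
    }
    *out = f;
    return (int)count;
bad:
    free(f);
    return -1;
}
```

The allocation and every name copy are driven by the same validated count, and a name that is unterminated or longer than the destination is rejected rather than truncated.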
Apply updates (please see the vendor's advisory for details).
Provided and/or discovered by:
Dmitriy Pletnev, Secunia Research.