Vulnerability Name:

CVE-2011-2264 (CCN-68650)

Assigned:2011-07-20
Published:2011-07-20
Updated:2014-01-14
Summary:Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows context-dependent attackers to affect confidentiality, integrity, and availability via unknown vectors related to Outside In Filters.
Note: the previous information was obtained from the July 2011 CPU. Oracle has not commented on claims from a reliable third party that this is a stack-based buffer overflow in the imcdr2.flt library for the CorelDRAW parser.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: AccessData Web site
Forensic Toolkit

Source: MITRE
Type: CNA
CVE-2011-2264

Source: CCN
Type: SA45219
AccessData FTK CorelDRAW Parser Buffer Overflow Vulnerability

Source: CCN
Type: SA45261
ACD Systems Canvas CorelDRAW Parser Buffer Overflow Vulnerability

Source: CCN
Type: SA45281
Quick View Plus CorelDRAW Parser Buffer Overflow Vulnerability

Source: CCN
Type: SA45297
Oracle Outside In Technology Outside In Filters Two Vulnerabilities

Source: CCN
Type: SA45342
EnCase Forensic CorelDRAW Parser Buffer Overflow Vulnerability

Source: CCN
Type: SA45343
Kamel FastLook CorelDRAW Parser Buffer Overflow Vulnerability

Source: CCN
Type: SA45347
Lucion FileCenter CorelDRAW Parser Buffer Overflow Vulnerability

Source: CCN
Type: SA45349
McAfee GroupShield CorelDRAW Parser Buffer Overflow Vulnerability

Source: CCN
Type: SA45352
Presto! PageManager CorelDRAW Parser Buffer Overflow Vulnerability

Source: CCN
Type: SA45353
Novell Groupwise CorelDRAW Parser Buffer Overflow Vulnerability

Source: CCN
Type: SA45356
Paraben Device Seizure CorelDRAW Parser Buffer Overflow Vulnerability

Source: CCN
Type: SA45357
X1 Professional CorelDRAW Parser Buffer Overflow Vulnerability

Source: CCN
Type: SA45573
MarkLogic Server CorelDRAW Parser Buffer Overflow Vulnerability

Source: CCN
Type: SA45818
IBM OmniFind CorelDRAW Parser Buffer Overflow Vulnerability

Source: CCN
Type: SA45834
Symantec Enterprise Vault Outside In Module Vulnerabilities

Source: CCN
Type: SA47271
IBM Multiple Products Outside In Technology Multiple Vulnerabilities

Source: CCN
Type: SA47683
IBM DB2 Accessories Suite Outside In Technology Multiple Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 1574454
Potential Oracle Outside In Technology Vulnerabilities Exposed in ECM Products (CVE-2011-2264, CVE-2011-0794, and CVE-2011-0808)

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21660640

Source: CCN
Type: IBM Support and Downloads
Avoiding a Stellent security vulnerability with the CorelDraw libraries in OmniFind Enterprise Editio

Source: CCN
Type: IBM Security Bulletin 1578978
Potential Oracle Outside In Technology Vulnerabilities Exposed in DB2 9.7.0.4 Accessories Suite (CVE-2011-2264, CVE-2011-0794, and CVE-2011-0808)

Source: CCN
Type: CERT Vulnerability Note VU#103425
Oracle Outside In CorelDRAW file parser stack buffer overflow

Source: CCN
Type: US-CERT VU#103425
Oracle Outside In CorelDRAW file parser stack buffer overflow

Source: CERT-VN
Type: US Government Resource
VU#103425

Source: CCN
Type: CERT Vulnerability Note VU#520721
Oracle Outside In contains exploitable vulnerabilities in Lotus 123 and Microsoft CAB file parsers

Source: CCN
Type: MarkLogic Web site
MarkLogic Server

Source: CCN
Type: Oracle Critical Patch Update Advisory - July 2011
Oracle Critical Patch Update Advisory - July 2011

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html

Source: CCN
Type: Oracle Web site
Oracle Outside In Technology

Source: CCN
Type: OSVDB ID: 73913
Oracle Outside In Technology Outside In Filters CorelDRAW Parser CDR File Handling Overflow

Source: CCN
Type: BID-48766
Oracle Outside In '.cdr' File Remote Code Execution Vulnerability

Source: CCN
Type: SYM11-011
Symantec Enterprise Vault Update for Oracle Outside In Module

Source: CERT
Type: US Government Resource
TA11-201A

Source: XF
Type: UNKNOWN
ofm-oit-cd-bo(68650)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:fusion_middleware:8.3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:fusion_middleware:8.3.5.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:novell:groupwise:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:novell:groupwise:8.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:omnifind:9.1:-:enterprise:*:*:*:*:*
  • OR cpe:/a:ibm:content_manager:8.4.3::~~enterprise~~~:*:*:*:*:*
  • OR cpe:/a:ibm:filenet_content_manager:5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:filenet_content_manager:5.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:omnifind:8.5:-:enterprise:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    oracle fusion middleware 8.3.2.0
    oracle fusion middleware 8.3.5.0
    novell groupwise 7.0
    novell groupwise 8.0
    ibm omnifind 9.1 -
    ibm content manager 8.4.3
    ibm filenet content manager 5.0.0
    ibm filenet content manager 5.1.0
    ibm omnifind 8.5 -