Cisco Blogs
Share

Vulnerability Spotlight: Multiple Code Execution Vulnerabilities in Oracle Outside In Technology


January 18, 2017 - 0 Comments

These vulnerabilities were discovered by Aleksandar Nikolic of Cisco Talos.

Summary

Oracle’s Outside In Technology (OIT) is a set of SDKs that software developers can use to perform various actions against a large number of different file formats. According to the OIT website: “Outside In Technology is a suite of software development kits (SDKs) that provides developers with a comprehensive solution to extract, normalize, scrub, convert and view the contents of 600 unstructured file formats.” Talos recently discovered vulnerabilities in the RTF and PDF parsers used by OIT that can be used to achieve arbitrary code execution on affected systems. Specially crafted files that leverage these parsers can be used to create conditions that could be leveraged by an attacker to obtain the ability to execute arbitrary code on affected systems.

Read More >>

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.