Vulnerability Spotlight: Multiple Code Execution Vulnerabilities in Oracle Outside In Technology
These vulnerabilities were discovered by Aleksandar Nikolic of Cisco Talos.
Summary
Oracle's Outside In Technology (OIT) is a set of SDKs that software developers can use to perform various actions against a large number of different file formats. According to the OIT website: 'Outside In Technology is a suite of software development kits (SDKs) that provides developers with a comprehensive solution to extract, normalize, scrub, convert and view the contents of 600 unstructured file formats.' Talos recently discovered vulnerabilities in the RTF and PDF parsers used by OIT. A specially crafted file that is processed by these parsers can create conditions that allow an attacker to execute arbitrary code on affected systems.
Cisco Systems Inc. published this content on 18 January 2017 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 18 January 2017 17:16:08 UTC.
Original document: http://blogs.cisco.com/security/talos/vulnerability-spotlight-multiple-code-execution-vulnerabilities-in-oracle-outside-in-technology
Public permalink: http://www.publicnow.com/view/800F6DC96C6974984C1E13F21C4D51AF9334DAA9