[VIM] [DSECRG-11-005] Oracle Document Capture empop3.dll - insecure method
security curmudgeon
jericho at attrition.org
Wed May 18 02:00:30 CDT 2011
Hi Alexandr;
: Digital Security Research Group [DSecRG] Advisory DSECRG-11-005 (internal #DSECRG-00154)
: CVE-number: CVE-2010-3591
: Oracle Document Capture contains ActiveX component EMPOP3Lib
: (empop3.dll) Lib GUID: {F647CBE5-3C01-402A-B3F0-502A77054A24} which is
: contains insecure method "DownloadSingleMessageToFile" that can delete
: any file in system.
http://seclists.org/bugtraq/2011/Jan/141
[DSECRG-00153] Oracle Document Capture Actbar2.ocx - insecure method
CVE-number: CVE-2010-3591
Oracle Document Capture contains ActiveX component ActiveBar2Library
(Actbar2.ocx) Lib GUID: {4932CEF1-2CAA-11D2-A165-0060081C43D9} which is
contains insecure method "SaveLayoutChanges" that can overwrite any
unhidden file in system.
^ Could you clarify this? Seems the same CVE is listed for both of these,
but cover different ActiveX controls and methods.
Thanks,
Brian
OSVDB.org
More information about the VIM
mailing list