Release DateNov 25, 2011 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates a possible attempt to exploit a heap overflow vulnerability in Oracle Hyperion Strategic Finance.The vulnerability is located in the "TTF16.ocx" ActiveX control, which through misuse of the "SetDevNames" function. It may allow remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely cause the program to crash, resulting in a denial-of-service condition. |
Affected ProductsOracle Hyperion Strategic Finance Client 12.x |
Recommended ActionsCurrently we are not aware of any vendor supplied patch for this issue. |
Coverage IPS
VCM |
Reference/shttp://www.exploit-db.com/exploits/18092/ |
