ID	37169
Created	Oct 17, 2013
Updated	Nov 15, 2021
Severity
CVE ID	CVE-2011-5167
EPSS	92.76%
Coverage	IPS (Regular DB) IPS (Extended DB)
Default Action	drop
Active
Affected OS	Windows
Affected App	Oracle

Legend

Active/Available
InActive/Not Available

Database Update History

Date	Version	Detail
2019-03-05	14.565	Sig Added

Refine Search

Threat Encyclopedia

Oracle.Hyperion.Strategic.Finance.TTF16.ActiveX.Buffer.Overflow

Description

This indicates an attack attempt against a Buffer Overflow vulnerability in Oracle Hyperion Strategic Finance Client.
The vulnerability, which is located in the "TTF16.ocx" ActiveX control, can be exploited through the vulnerable method "SetDevNames". It may allow remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely cause the program to crash, resulting in a denial of service condition.

Affected Products

Oracle Hyperion Strategic Finance 12.0

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Disable this ActiveX Control by setting its kill bit {B0475003-7740-11D1-BDC3-0020AF9F8E6E}, by the method shown on the website: http://support.microsoft.com/kb/240797

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiGate

FortiClient

FortiSandBox

FortiMail

FortiADC

FortiWeb

FortiCNP

FortiNDR

FortiDeceptor

FortiEDR

FortiAnalyzer