Oracle 10g - emagent.exe Stack-Based Overflow

Release Date: October 18, 2005
Severity: Critical

Systems Affected
----------------
For a complete list of products and components affected, please visit
http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html

Description
-----------
A vulnerability has been discovered in Oracle Application Server 10g (10.1.2) on Windows 2000 Server and others (see list above). If exploited, this can result in user-specified code being executed under the security context of the Oracleoracleas1ASControl service - \\NT Authority\SYSTEM by default.

Remediation
-----------
The issue can be resolved by applying the patches provided by October 2005 Oracle Critical Patch Update available from
http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html.

Vendor Information
------------------
Oracle was contacted on March 7, 2005. For more information about this advisory please visit Oracle Critical Patch Update page
http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html.

Contact Information
-------------------
spilabs@xxxxxxxxxxxxxxx
SPI Dynamics, Inc.
115 Perimeter Center Place N.E.
suite 1100
Atlanta, GA. 30346
Toll-Free Phone: (866) 774-2700

SPI Dynamics was founded in 2000 by a team of accomplished Web security specialists; SPI Dynamics is the leader in Web application security technology. With such signature products as WebInspect, SPI Dynamics is dedicated to protecting companies' most valuable assets. SPI Dynamics has created a new breed of Internet security products for the Web application, the most vulnerable yet least secure component of online business infrastructure.

Copyright (c) 2005 SPI Dynamics, Inc. All rights reserved worldwide.