>The recent Oracle exploit posted to Bugtraq >(http://www.securityfocus.com/archive/1/431353) is actually an 0day >and has no patch. The referenced exploit seems to use GET_DOMAIN_INDEX_METADATA with a TYPE_NAME that references an attacker-defined package with a (modified?) ODCIIndexGetMeta function. Your last example uses GET_V2_DOMAIN_INDEX_TABLES, with arguments that reference an attacker-defined package with a (modified?) ODCIIndexUtilGetTableNames function. Is this a surface-level discrepancy, or is your vector substantively different than the one in the exploit? If these are different, then is it possible that last week's exploit was actually fixed? - Steve P.S. For those of you who are paying attention at this excruciating level of detail, it seems that David's original use of GET_DOMAIN_INDEX_METADATA in 2004 directly included the code in the NEWBLOCK argument, whereas last week's exploit was performed through an indirect reference to the code in the TYPE_NAME argument.
