Security Bulletin: IBM Content Collector affected by vulnerabilities in Oracle Outside In Technology (CVE-2015-4809,CVE-2015-4811,CVE-2015-4877,CVE-2015-4878, CVE-2015-0474,CVE-2015-0493)

Summary

Mutiple vulnerabilities are exposed in Oracle Outside In Technology which is used in IBM Content Collector.

Vulnerability Details

CVE-ID: CVE-2015-4809 Description: An unspecified vulnerability in Oracle Outside In Technology related to the Outside In PDF Export SDK component could allow a local attacker to cause a denial of service.
CVSS Base Score: 1.500
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/107303&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:P)

**CVE-ID:*CVE-2015-4811
Description: An unspecified vulnerability in Oracle Outside In Technology related to the Outside In PDF Export SDK component could allow a local attacker to cause a denial of service.
CVSS Base Score: 1.500
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/107304&gt; for more information
CVSS Environmental Score: Undefined
CVSS Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:P)

**CVE-ID:**CVE-2015-4877
**Description:*An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Filters component could allow a local attacker to cause a denial of service.
CVSS Base Score: 1.500
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/107301&gt; for more information
CVSS Environmental Score: Undefined
CVSS Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:P)

**CVE-ID:*CVE-2015-4878
Description: An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Filters component could allow a local attacker to cause a denial of service.
CVSS Base Score: 1.500
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/107302&gt; for more information
CVSS Environmental Score: Undefined
CVSS Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:P)

**CVE-ID:*CVE-2015-0474
Description: An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Filters component could allow a local attacker to cause a denial of service.
CVSS Base Score: 1.500
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102299&gt; for current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:L/AC:M/Au:S/C:N/I:N/A:P)

**CVE-ID:**CVE-2015-0493
**Description:*A vulnerability in Oracle Outside In Technology could allow a remote attacker to execute arbitrary code on the system. The ibpsd2.dll file improperly parses PSD (Photoshop) files. An attacker could exploit this vulnerability to cause a heap-based buffer overflow and execute arbitrary code on the system.
CVSS Base Score: 6.800
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102298&gt; for current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products and Versions

IBM Content Collector 4.0
IBM Content Collector 4.0.1

Remediation/Fixes

Product

| VRMF|Remediation/First Fix
—|—|—
IBM Content Collector | 4.0| Apply Interim Fix 4.0.0.3-IBM-ICC-IF004
IBM Content Collector | 4.0.1| Apply Fix Pack 4.0.1.2-IBM-ICC-FP002