Security vulnerabilities in Oracle Outside In Technology and Oracle Java Development Kits (JDKs) can affect the security of IBM Content Classification, also known as IBM InfoSphere Classification Module.
CVE ID: CVE-2013-5791
DESCRIPTION:
The Oracle Outside In Microsoft Access 1.x database file parser is vulnerable to a stack-based buffer overflow. A remote attacker could exploit this vulnerability using a specially crafted file to overflow a buffer and execute arbitrary code on the system with the privileges of the vulnerable application or victim user.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/87925> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVE ID: CVE-2013-5843
DESCRIPTION:
A maliciously crafted font file can lead to a double free, which in turn could allow untrusted code to disable the security manager and execute arbitrary code. In a server context, the double free would crash the JVM process, so it could be used to launch a denial of service attack. The fix corrects the font parsing code to prevent the double free.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/87971> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
IBM Content Classification Versions 8.7 and 8.8
Fixes are available in Interim Fix 2. Click one of the following links for instructions on downloading and installing Interim Fix 2:
None. Install the interim fix.