CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile
99.0%
Added: 11/03/2006
CVE: CVE-2006-0272
BID: 16287
OSVDB: 22567
Oracle Database Server includes the **DBMS_XMLSCHEMA**
component, which contains procedures for managing XML schemas.
A buffer overflow vulnerability in the **DBMS_XMLSCHEMA.GENERATESCHEMA**
procedure allows database users to execute arbitrary commands.
Install the patch referenced in the January 2006 Critical Patch Update.
<http://www.kb.cert.org/vuls/id/545804>
<http://archives.neohapsis.com/archives/vulnwatch/2006-q1/0037.html>
Exploit works on Oracle Database 10.1.0.2 and 9.2.0.1 and requires the login and password to an Oracle account with connect privileges.
Windows