(0Day) Oracle Data Quality DscXB onloadstatechange Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Data Quality. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the TSS12.DscXB.XB ActiveX control. By modifying the HTML document within the onloadstatechange handler of the control, an attacker can cause an object to be used after it has been freed. An attacker could leverage this to execute arbitrary code in the context of the browser.