Lucene search
HistoryMar 13, 2015 - 12:00 a.m.
(0Day) Oracle Data Quality LoaderWizard SetEntities Type Confusion Remote Code Execution Vulnerability
0.786 High
EPSS
Percentile
98.3%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Data Quality. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the TSS12.LoaderWizard.lwctrl ActiveX control. The SetEntities method does not validate the type of data passed to it, instead treating any object passed in as if it were the expected type. An attacker could leverage this to execute arbitrary code in the context of the browser.
Related
checkpoint_advisories
checkpoint_advisories
cve
cve
prion
prion
Design/Logic Flaw
2015-07-16 10:59:00
Design/Logic Flaw
2015-07-16 10:59:00
Design/Logic Flaw
2015-07-16 11:00:00
cvelist
cvelist
nvd
nvd
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-07-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2015
2015-07-14 00:00:00