Orbital Viewer contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Orbital Viewer when handling .ORB files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .ORB file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Oracle WebCenter Content is prone to a Remote File Execution vulnerability within the CheckOutAndOpen.dll ActiveX when using openWebdav method. By specifying a constructed path an attacker can force the contents of the file to be passed to ShellExecuteExW, thus being able to execute arbitrary files. The payload is embedded on a VBS file which is automatically executed when a HTA file is requested through Webdav. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
A stack-based buffer overflow in Oracle Outside In library used by Quick View, allows an attacker to execute arbitrary code via crafted .XPM file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
A stack-based buffer overflow in Oracle Ouside In library used by ACDSee Canvas, allows an attacker to execute arbitrary code via crafted .XLSX file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a command injection bug in several Java Runtime Environments.
This module exploits a vulnerability in Oracle Java. The vulnerability is an invalid array indexing that exists within the native storeImageArray() function inside jre/bin/awt.dll
This module exploits a stack-based buffer overflow vulnerability in Oracle Java SE when jsound.dll parses a specially crafted Soundbank file.
The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 holds a memory corruption vulnerability that allows the bypassing of "dataOffsets[]" boundary checks. This module exploits such vulnerability allowing for remote code execution.
The Rhino Script Engine of Oracle Java fails to properly check for permissions on JavaScript error objects. This flaw allows an unprivileged applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.
This module exploits a vulnerability in Oracle Java. Abusing the insecure invoke() method of the ProviderSkeleton class that allows to call arbitrary static methods with user supplied arguments it is possible to execute arbitrary code.