Full title: Oracle GENERATESCHEMA Buffer Overflow Exploit
Category: remote exploits
Platform: windows

This exploits a buffer overflow in Oracle 10g. When sending a specially formatted query to the GENERATESCHEMA function in the XDB.DBMS_XMLSCHEMA package, an attacker may be able to execute arbitrary code.

NOTE: For targets running DEP, you will need to choose target 0, then re-exploit with target 1. The first query will disable DEP for the ORACLE.EXE process.

The following product versions are affected:

* Oracle Database 10g Release 2, version 10.2.0.1
* Oracle Database 10g Release 1, versions 10.1.0.3, 10.1.0.4, 10.1.0.5
* Oracle9i Database Release 2, versions 9.2.0.6, 9.2.0.7
* Oracle8i Database Release 3, version 8.1.7.4
* Oracle Enterprise Manager 10g Grid Control, versions 10.1.0.3, 10.1.0.4
* Oracle Application Server 10g Release 2, versions 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1.0
* Oracle Application Server 10g Release 1 (9.0.4), versions 9.0.4.1, 9.0.4.2
* Oracle Collaboration Suite 10g Release 1, versions 10.1.1, 10.1.2
* Oracle9i Collaboration Suite Release 2, version 9.0.4.2
* Oracle E-Business Suite Release 11i, versions 11.5.1 through 11.5.10 CU2
* Oracle E-Business Suite Release 11.0
* PeopleSoft Enterprise Portal, versions 8.4, 8.8, 8.9
* JD Edwards EnterpriseOne Tools, OneWorld Tools, versions 8.95.F1, SP23_L1
* Oracle Database 10g Release 1, version 10.1.0.4.2
* Oracle Developer Suite, versions 6i, 9.0.2.1, 9.0.4.1, 9.0.4.2, 10.1.2.0
* Oracle Workflow, versions 11.5.1 through 11.5.9.5
* Oracle9i Database Release 1, versions 9.0.1.4, 9.0.1.5, 9.0.1.5 FIPS
* Oracle8 Database Release 8.0.6, version 8.0.6.3
* Oracle9i Application Server Release 1, version 1.0.2.2

Oracle has provided no specifics regarding the nature of these vulnerabilities.

# 0day.today @ http://0day.today/