CVE-2012-1744 : Detail

CVE-2012-1744

4.64%V4
Local
2012-07-17
20h00 +00:00
2017-08-28
10h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent users to affect availability via unknown vectors related to Outside In Filters.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE Other No informations.

Metrics

Metrics Score Severity CVSS Vector Source
V2 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS V0
EPSS V1
EPSS V2
EPSS V3
EPSS V4
15.0015.0012.0012.009.009.006.006.003.003.000.000.002.48%2.48%2.46%2.75%2.75%2.75%12.71%9.94%9.94%7.28%5.27%4.8%3.84%4.08%3.84%4.29%Jul '22Jul '2220232023Jul '23Jul '2320242024Jul '24Jul '2420252025
Download SVG
Download PNG
Download CSV

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
1001009090808070706060505058%80%80%82%83%83%95%94%95%94%93%92%92%92%92%88%89%Jul '22Jul '2220232023Jul '23Jul '2320242024Jul '24Jul '2420252025
Download SVG
Download PNG
Download CSV
EPSS First.org

Exploit information

Exploit Database EDB-ID : 19960

Publication date : 2012-07-19 22h00 +00:00
Author : Francis Provencher
EDB Verified : Yes

#####################################################################################
Application: Oracle Outside-In FPX File Parsing Heap Overflow
Version: he vulnerabilities are reported in versions 8.3.5 and 8.3.7.
Exploitation: Remote code execution
Secunia Number: SA49936
{PRL}: 2012-26
Author: Francis Provencher (Protek Research Lab's)
Website: http://www.protekresearchlab.com/
Twitter: @ProtekResearch
#####################################################################################
1) Introduction
2) Timeline
3) Technical details
4) PoC
 
הההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההה
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Products Mentioned

Configuraton 0

Oracle>>Fusion_middleware >> Version 8.3.5.0

Oracle>>Fusion_middleware >> Version 8.3.7.0

References

http://www.securityfocus.com/bid/54552
Tags : vdb-entry, x_refsource_BID
http://www.securitytracker.com/id?1027264
Tags : vdb-entry, x_refsource_SECTRACK
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Tags : vendor-advisory, x_refsource_MANDRIVA