CVE-2011-0794 - OpenCVE

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK. NOTE: the previous information was obtained from the April 2011 CPU. Oracle has not commented on claims from a reliable third party that this issue is in (a) sccut.dll or (b) libsc_ut.so in Outside In 8.3.5.x through 8.3.5.5684, as used when using the CAB file identification functionality to parse OneNote (.onepkg) files and other formats.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oracle	Fusion Middleware

Configuration 1 [-]

cpe:2.3:a:oracle:fusion_middleware:8.3.5.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/44295
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa
http://www-01.ibm.com/support/docview.wss?uid=swg21660640
http://www.kb.cert.org/vuls/id/520721
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7009213&sliceId=1&docTypeID=DT_TID_1_1&dialogID=268451045&stateId=0%200%20268449309
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
http://www.securityfocus.com/bid/47437

History

No history.

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2011-04-20T03:09:00

Updated: 2024-08-06T22:05:53.574Z

Reserved: 2011-02-04T00:00:00

Link: CVE-2011-0794

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2011-04-20T03:14:05.270

Modified: 2016-05-25T18:34:58.963

Link: CVE-2011-0794

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-04-19T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK. NOTE: the previous information was obtained from the April 2011 CPU. Oracle has not commented on claims from a reliable third party that this issue is in (a) sccut.dll or (b) libsc_ut.so in Outside In 8.3.5.x through 8.3.5.5684, as used when using the CAB file identification functionality to parse OneNote (.onepkg) files and other formats."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-04-28T18:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"}, {"name": "20111026 Cisco Security Agent Remote Code Execution Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7009213&sliceId=1&docTypeID=DT_TID_1_1&dialogID=268451045&stateId=0%200%20268449309"}, {"name": "44295", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44295"}, {"name": "47437", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/47437"}, {"name": "VU#520721", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/520721"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2011-0794", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK. NOTE: the previous information was obtained from the April 2011 CPU. Oracle has not commented on claims from a reliable third party that this issue is in (a) sccut.dll or (b) libsc_ut.so in Outside In 8.3.5.x through 8.3.5.5684, as used when using the CAB file identification functionality to parse OneNote (.onepkg) files and other formats."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"}, {"name": "20111026 Cisco Security Agent Remote Code Execution Vulnerabilities", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"}, {"name": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7009213&sliceId=1&docTypeID=DT_TID_1_1&dialogID=268451045&stateId=0%200%20268449309", "refsource": "CONFIRM", "url": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7009213&sliceId=1&docTypeID=DT_TID_1_1&dialogID=268451045&stateId=0%200%20268449309"}, {"name": "44295", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44295"}, {"name": "47437", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47437"}, {"name": "VU#520721", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/520721"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:05:53.574Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"}, {"name": "20111026 Cisco Security Agent Remote Code Execution Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7009213&sliceId=1&docTypeID=DT_TID_1_1&dialogID=268451045&stateId=0%200%20268449309"}, {"name": "44295", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44295"}, {"name": "47437", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/47437"}, {"name": "VU#520721", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/520721"}]}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2011-0794", "datePublished": "2011-04-20T03:09:00", "dateReserved": "2011-02-04T00:00:00", "dateUpdated": "2024-08-06T22:05:53.574Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:fusion_middleware:8.3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA5EE411-1F96-4BAC-931B-50A214E57D04", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK. NOTE: the previous information was obtained from the April 2011 CPU. Oracle has not commented on claims from a reliable third party that this issue is in (a) sccut.dll or (b) libsc_ut.so in Outside In 8.3.5.x through 8.3.5.5684, as used when using the CAB file identification functionality to parse OneNote (.onepkg) files and other formats."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente Oracle Outside In Technology en Oracle Fusion Middleware 8.3.5.0 permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad, relacionado con File ID SDK. NOTA: la informaci\u00f3n anterior fue obtenida de la CPU de Abril de 2011. Oracle no ha comentado sobre alegaciones de un tercero confiable que este problema est\u00e1 en (a) sccut.dll o (b) libsc_ut.so en Outside In 8.3.5.x hasta la versi\u00f3n 8.3.5.5684, seg\u00fan se usa cuando se utiliza la funcionalidad de identificaci\u00f3n de archivo CAB para interpretar archivos OneNote (.onepkg) y otros formatos."}], "id": "CVE-2011-0794", "lastModified": "2016-05-25T18:34:58.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-04-20T03:14:05.270", "references": [{"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44295"}, {"source": "secalert_us@oracle.com", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa"}, {"source": "secalert_us@oracle.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"}, {"source": "secalert_us@oracle.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/520721"}, {"source": "secalert_us@oracle.com", "url": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7009213&sliceId=1&docTypeID=DT_TID_1_1&dialogID=268451045&stateId=0%200%20268449309"}, {"source": "secalert_us@oracle.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/bid/47437"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}