Описание
Heap-based buffer overflow in the SetDevNames method of the Tidestone Formula One ActiveX control (TTF16.ocx) 6.3.5 Build 1 in Oracle Hyperion Strategic Finance 12.x and possibly earlier allows remote attackers to execute arbitrary code via a long string to the DriverName parameter.
Ссылки
- Exploit
- Vendor Advisory
- Exploit
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 12.0 (включая)
Одно из
cpe:2.3:a:oracle:hyperion_strategic_finance:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_strategic_finance:11.1.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tidestone:formula_one_activex_control:6.3.5.1:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.5847
Средний
9.3 Critical
CVSS2
Дефекты
CWE-119
Связанные уязвимости
github
больше 3 лет назад
Heap-based buffer overflow in the SetDevNames method of the Tidestone Formula One ActiveX control (TTF16.ocx) 6.3.5 Build 1 in Oracle Hyperion Strategic Finance 12.x and possibly earlier allows remote attackers to execute arbitrary code via a long string to the DriverName parameter.
EPSS
Процентиль: 98%
0.5847
Средний
9.3 Critical
CVSS2
Дефекты
CWE-119