Oracle AutoVue AutoVueX ActiveX Control ExportEdaBom Arbitrary File Overwrite

Added: 11/07/2011
BID: 50332
OSVDB: 76539


Oracle AutoVue Enterprise Visualization is a suite of Oracle products designed to deliver a web-based capability to access, view, digitally annotate and collaborate on technical and business documents, without requiring specialized computer-aided design (CAD) tools. AutoVue includes tools for Electronic Design Automation (EDA), a category of software tools for designing electronic systems such as printed circuit boards and integrated circuits.


A file creation vulnerability exists in the Oracle AutoVue AutoVueX ActiveX control (AutoVueX.ocx). The vulnerability is due to insufficient validation of the sFileName parameter of the ExportEdaBom() method: the caller-supplied path is used as-is, so a script on a web page that instantiates the control can create or overwrite arbitrary files with the privileges of the logged-on user. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted web page in Internet Explorer.


Update Oracle AutoVue when a patch becomes available. As a workaround, set the kill bit for the AutoVueX.ocx ActiveX control, CLSID {B6FCC215-D303-11D1-BC6C-0000C078797F}, so that Internet Explorer refuses to instantiate it from a web page. Note that this also blocks legitimate browser-based use of the control until a fixed version is installed.
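The following script is an added example of applying and verifying that workaround; it is not code from the advisory or from Oracle. It relies only on the standard Internet Explorer kill-bit mechanism (a "Compatibility Flags" DWORD with bit 0x400 set under the ActiveX Compatibility key, as documented by Microsoft in KB240797) and on the CLSID given above. The function names, the check that the control is registered, and the handling of the Wow6432Node view are the author's own choices, not something the advisory specifies. Run it from an elevated PowerShell prompt.

```powershell
# Added example: set and verify the IE kill bit for AutoVueX.ocx.
# Mechanism (Microsoft KB240797): a DWORD "Compatibility Flags" with bit 0x400
# set under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}.
# Requires an elevated (administrator) PowerShell session.

$Clsid   = '{B6FCC215-D303-11D1-BC6C-0000C078797F}'   # AutoVueX.ocx, from the advisory
$KillBit = 0x400                                      # the kill-bit flag value

# Both registry views matter on 64-bit Windows: 32-bit IE reads the Wow6432Node copy.
$KeyPaths = @(
    "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
)

# Returns $true when the kill bit is already present in the given key.
function Test-ActiveXKillBit {
    param([string]$KeyPath)
    $item = Get-ItemProperty -Path $KeyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $false }
    return (($item.'Compatibility Flags' -band $KillBit) -ne 0)
}

# Creates the key if needed and ORs the kill bit into any flags already present,
# so other compatibility flags an administrator may have set are preserved.
function Set-ActiveXKillBit {
    param([string]$KeyPath)
    New-Item -Path $KeyPath -Force | Out-Null
    $existing = (Get-ItemProperty -Path $KeyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $existing) { $existing = 0 }
    New-ItemProperty -Path $KeyPath -Name 'Compatibility Flags' -PropertyType DWord `
        -Value ($existing -bor $KillBit) -Force | Out-Null
}

# Report whether the control is registered on this host at all. The kill bit is
# harmless if it is not, and still protects against a later install.
$registered = Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
Write-Host "AutoVueX control registered on this host: $registered"

foreach ($path in $KeyPaths) {
    # The Wow6432Node view only exists on 64-bit Windows.
    if ($path -like '*Wow6432Node*' -and -not [Environment]::Is64BitOperatingSystem) { continue }
    if (-not (Test-ActiveXKillBit $path)) { Set-ActiveXKillBit $path }
    Write-Host ("{0}`n  kill bit set: {1}" -f $path, (Test-ActiveXKillBit $path))
}
```

Restart Internet Explorer after running the script; the flag is read when a control is instantiated. The kill bit is honoured by Internet Explorer and by other hosts that consult the ActiveX Compatibility key (such as Office applications), but it does not prevent a program that loads AutoVueX.ocx directly from calling ExportEdaBom(), so it is a mitigation for the web-page attack vector rather than a fix for the unvalidated parameter itself.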



Exploit works on Oracle AutoVue 20.0.2.

Target user must open the exploit file in Internet Explorer.


