Oracle AutoVue AutoVueX ActiveX Control ExportEdaBom Arbitrary File Overwrite

Added: 11/07/2011
BID: 50332
OSVDB: 76539

Background

Oracle AutoVue Enterprise Visualization is a suite of Oracle products designed to deliver a web-based capability to access, view, digitally annotate and collaborate on technical and business documents, without requiring specialized computer-aided design (CAD) tools. AutoVue includes tools for Electronic Design Automation (EDA), a category of software tools for designing electronic systems such as printed circuit boards and integrated circuits.

Problem

A file creation vulnerability exists in the Oracle AutoVue AutoVueX ActiveX control (AutoVueX.ocx). The sFileName parameter of the control's ExportEdaBom() method is not validated, so a caller can supply an arbitrary path and the method will create or overwrite that file with the security context of the user running Internet Explorer. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted web page that instantiates the control and calls ExportEdaBom() with an attacker-chosen sFileName.

Resolution

Update Oracle AutoVue when a patch becomes available. As a workaround, set the kill bit for the AutoVueX.ocx ActiveX control, which is registered under CLSID {B6FCC215-D303-11D1-BC6C-0000C078797F}; this prevents Internet Explorer from instantiating the control.
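The kill-bit workaround above, as an added example that is not part of the original advisory: an elevated PowerShell session writes the Compatibility Flags value under Internet Explorer's ActiveX Compatibility key for the CLSID named in this advisory, then reads it back. The CLSID is taken from the advisory; the registry location and the 0x400 flag are Microsoft's documented kill-bit mechanism; the InprocServer32 lookup is a sanity check added here to confirm which DLL the CLSID resolves to on the host.

```powershell
# Added example (not from the advisory): set and verify the IE kill bit for
# the AutoVueX.ocx control. Run from an elevated PowerShell session.
# CLSID from the advisory; registry path and flag value are Microsoft's
# documented kill-bit mechanism.

$clsid   = '{B6FCC215-D303-11D1-BC6C-0000C078797F}'
$KillBit = 0x400   # COMPAT_EVIL_DONT_LOAD: IE refuses to instantiate the control

# Sanity check: confirm the CLSID is registered and which module it loads.
# Expected to point at AutoVueX.ocx on an affected host.
$server = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" `
                           -ErrorAction SilentlyContinue
if ($server) {
    "CLSID $clsid resolves to: $($server.'(default)')"
} else {
    "CLSID $clsid is not registered on this host (kill bit will still be written)."
}

# On 64-bit Windows, 32-bit Internet Explorer reads the Wow6432Node view, so
# set the kill bit in both views to cover either IE bitness.
$paths = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid")
if ([Environment]::Is64BitOperatingSystem) {
    $paths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
}

foreach ($path in $paths) {
    if (-not (Test-Path $path)) {
        New-Item -Path $path -Force | Out-Null
    }
    # Preserve any compatibility flags already set and OR in the kill bit.
    $current  = 0
    $existing = Get-ItemProperty -Path $path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($existing) { $current = [int]$existing.'Compatibility Flags' }
    Set-ItemProperty -Path $path -Name 'Compatibility Flags' -Value ($current -bor $KillBit) -Type DWord
}

# Verify: every view must now carry the kill bit.
foreach ($path in $paths) {
    $flags = (Get-ItemProperty -Path $path -Name 'Compatibility Flags').'Compatibility Flags'
    $state = if (($flags -band $KillBit) -ne 0) { 'SET' } else { 'NOT SET' }
    "{0}`n  Compatibility Flags = 0x{1:X} (kill bit {2})" -f $path, $flags, $state
}
```

The kill bit only stops Internet Explorer and other MSHTML-based hosts from instantiating the control; it does not unregister or remove AutoVueX.ocx, and any other COM client on the machine can still load it. Treat it as a stop-gap until the vendor patch is applied.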

References

http://retrogod.altervista.org/9sg_autovue.html
http://secunia.com/advisories/46473

Limitations

Exploit works on Oracle AutoVue 20.0.2.

Target user must open the exploit file in Internet Explorer.

Platforms

Windows
