Oracle AutoVue SetMarkupMode ActiveX Overflow

Added: 07/17/2012
CVE: CVE-2012-0549
BID: 53077
OSVDB: 81439

Background

Oracle AutoVue Enterprise Visualization is a suite of Oracle products designed to deliver a web-based capability to access, view, digitally annotate and collaborate on technical and business documents, without requiring specialized computer-aided design (CAD) tools. AutoVue includes tools for Electronic Design Automation (EDA), a category of software tools for designing electronic systems such as printed circuit boards and integrated circuits.

Problem

The SetMarkupMode method of an ActiveX control provided by Oracle AutoVue does not properly sanitize its input parameters. If a user with this control installed were to visit a malicious web site, this vulnerability could be exploited to gain code execution on the victim's system.

Resolution

Apply the updates detailed in the Oracle April 2012 CPU. Or, set the kill bit for AutoVueX.ocx ActiveX control associated with CLSID {B6FCC215-D303-11D1-BC6C-0000C078797F}.

References

http://secunia.com/advisories/48875/
http://dvlabs.tippingpoint.com/advisory/TPTI-12-05

Limitations

This exploit has been tested against Oracle AutoVue 20.0.2 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn). The HTML page must be opened using Internet Explorer 8 or 9 on the target. JRE 6 must be installed on Windows 7.

Platforms

Windows

Back to exploit index