Oracle Hyperion Financial Management ActiveX Heap Overflow

Added: 11/21/2011
BID: 50565
OSVDB: 76913


Oracle Hyperion Financial Management is a web-based financial consolidation, reporting and analysis solution.


The Hyperion Financial Management web application installs an ActiveX control on the client system. The control is marked as safe for scripting and safe for initialization, so any website can instantiate it from script. Its SetDevNames method does not properly validate its parameters: a malicious website could instantiate the control and pass an overly long value to SetDevNames, triggering a heap overflow. Combined with a heap spray, this may allow an attacker to gain remote code execution on the client system.


No update is available for this vulnerability at the time of publishing this exploit. As a workaround, the ActiveX control's kill bit can be set by following the instructions detailed here. Note that this may prevent the Hyperion web client from functioning properly.
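The kill-bit workaround above is applied through the Internet Explorer "ActiveX Compatibility" registry key. The script below is an added example (not part of this advisory or of Oracle's guidance) that sets the kill bit for a given CLSID and then verifies it. The CLSID in it is a placeholder: the advisory does not list the control's CLSID, so substitute the one identified for the Hyperion control. The key path, the "Compatibility Flags" value name and the 0x400 kill-bit flag are Microsoft's documented mechanism; the Wow6432Node check handles 32-bit IE on 64-bit Windows.

```powershell
# Added example: set and verify the Internet Explorer ActiveX kill bit.
# Run from an elevated PowerShell prompt.

# PLACEHOLDER CLSID - the advisory does not give the control's CLSID.
$Clsid = '{00000000-0000-0000-0000-000000000000}'

# COMPAT_FLAG_DISABLE_ACTIVEX: IE refuses to load the control when this bit is set.
$KillBit = 0x400

# 64-bit Windows keeps a separate key for the 32-bit browser under Wow6432Node.
$Paths = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $Paths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
}

function Set-ActiveXKillBit {
    param([string]$Path, [int]$Flag)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    # OR the flag into any existing value so other compatibility flags are preserved.
    $existing = (Get-ItemProperty -Path $Path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    $new = ([int]$existing) -bor $Flag
    New-ItemProperty -Path $Path -Name 'Compatibility Flags' -Value $new -PropertyType DWord -Force | Out-Null
}

function Test-ActiveXKillBit {
    param([string]$Path, [int]$Flag)
    $value = (Get-ItemProperty -Path $Path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    return ((([int]$value) -band $Flag) -eq $Flag)
}

foreach ($p in $Paths) {
    Set-ActiveXKillBit -Path $p -Flag $KillBit
    if (Test-ActiveXKillBit -Path $p -Flag $KillBit) {
        Write-Output "Kill bit set: $p"
    } else {
        Write-Warning "Kill bit NOT set: $p"
    }
}
```

The kill bit only stops Internet Explorer from loading the control; it does not uninstall it, and any other host that instantiates the control by CLSID is unaffected. To revert the workaround once a vendor fix is applied, clear bit 0x400 from "Compatibility Flags" (or delete the value) under the same key(s).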



This exploit has been tested against Oracle Hyperion Strategic Finance on Windows XP SP3 English (DEP OptIn) with KB2586448.
