Oracle Outside In CDR File Parser Stack Buffer Overflow

Added: 08/05/2011
CVE: CVE-2011-2264
BID: 48766
OSVDB: 73912

Background

Oracle Outside In is a suite of Software Development Kits (SDKs) and tools for reading and writing many different file formats. The Outside In SDK is embedded in multiple client and server products that need to parse various file formats.

Problem

Outside In supports Corel Corporation's CDR file format used by the vector graphics editor CorelDRAW.

Resolution

Patches to Outside In are described in the Oracle Critical Patch Update Advisory for July 2011.

Update products that incorporate the vulnerable version of Outside In, such as Avantstar Quick View Plus, when updates become available.

References

http://secunia.com/advisories/45297
http://www.kb.cert.org/vuls/id/520721

Limitations

Exploit works on Avantstar Quick View Plus 11.1.0 Standard Edition.

Platforms

Windows
