Oracle Outside In XPM Image Processing Stack Overflow
Added: 09/10/2012Background
Oracle Outside In is a suite of software development kits that provides developers with a comprehensive solution to access, transform, and control the contents of over 500 unstructured file formats.Problem
In Outside In versions 8.3.5.0 through 8.3.7, the XPM image processing method does not properly validate the value of the chars_per_pixel length string in XPM images. The value of this string is copied to a statically allocated string buffer without validating that the string can fit into the buffer, causing a stack overflow. This vulnerability may be exploited by an attacker who can convince a user of an application that uses a vulnerable version of Outside In to open a specially crafted XMP file.Resolution
Because Outside In is an SDK, 3rd party applications distribute the libraries. Check with your application provider to make sure you are running the latest version of the affected software.References
http://www.zerodayinitiative.com/advisories/ZDI-12-150/http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
Limitations
This exploit has been tested against Avantstar Quick View Plus 12.0.0 Standard Edition on Windows XP SP3 English (DEP OptIn).Platforms
WindowsBack to exploit index