Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Control Vulnerability

Added: 08/19/2013
CVE: CVE-2013-1559
BID: 59122
OSVDB: 92386


Oracle WebCenter Content is an open platform that allows users to create a vast range of content management applications. It consolidates unstructured content from across diverse systems so it can be centrally managed and then exposes it from within desktop productivity tools, business applications, and mobile devices.


Oracle WebCenter Content Server contains a flaw in the CheckOutAndOpen.dll ActiveX control which is triggered when user-controlled input is passed to the openWebdav method. An attacker who persuades a vulnerable user to open a specially crafted web page could execute arbitrary code in the context of the user.


Apply the update referenced in Oracle Critical Patch Update Advisory - April 2013.



This exploit was tested against Oracle WebCenter Content on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The user must open the exploit in Internet Explorer 8 or 9.



Back to exploit index