Oracle WebCenter Forms Recognition SSSplitter ActiveX Overwrite

Added: 05/02/2012
CVE: CVE-2012-1710
BID: 53062
OSVDB: 81366

Background

Oracle WebCenter Imaging is a combined document management and business process management suite, marketed as a component of the Oracle Fusion Middleware portfolio of products. Oracle Forms Recognition (OFR) is an intelligent data capture solution that integrates with WebCenter Imaging.

Problem

Oracle Forms Recognition (OFR) installs an ActiveX control named Sssplt30.ocx on the systems of its users. In OFR versions 10.1.3.5 and prior, the Save method of the SSSplitter control does not properly validate the parameters. An attacker can leverage this weakness and construct a malicious SSSplitter object, then save it to a location of their choice. This may result in the attacker gaining full execution access on the target's system.

Resolution

Apply the updates suggested in the vendor advisory.

References

http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
http://www.zerodayinitiative.com/advisories/ZDI-12-074/

Limitations

This exploit has been tested against Oracle WebCenter Forms Recognition 10.1.3.5 on Windows XP SP3 English (DEP OptIn). The system must be rebooted before the payload is executed.

Platforms

Windows

Back to exploit index