CVE-2007-2110
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Access Control List (DACL) for the Oracle process and certain shared memory sections, which allows local users to inject threads and execute arbitrary code via the OpenProcess, OpenThread, and SetThreadContext functions (DB03).
Vulnerabilidad no especificada en el componente Core RDBMS para Oracle Database 9.0.1.5+, 9.2.0.7 y 10.1.0.4 sobre sistemas Windows tiene impacto y vectores de ataque no especificados, también conocida como DB03. NOTA: a partir de 20070424, Oracle no ha disputado alegaciones confiables sobre que DB03 ocurre debido a que RDBMS utiliza una NULL Discretionary Access Control List (DACL) para el proceso Oracle y determinadas secciones de memoria compartida, lo que permite a usuarios locales inyectar hilos y ejecutar código arbitrario a través de las funciones OpenProcess, OpenThread y SetThreadContext (DB03).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-04-18 CVE Reserved
- 2007-04-18 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://www.freelists.org/archives/oracle-l/12-2006/msg00004.html | Mailing List | |
| http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf | X_refsource_misc | |
| http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf | X_refsource_misc | |
| http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html | X_refsource_confirm |
|
| http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html | X_refsource_misc | |
| http://www.securityfocus.com/bid/23532 | Vdb Entry | |
| http://www.securitytracker.com/id?1017927 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA07-108A.html | Third Party Advisory | |
| https://www.blackhat.com/presentations/bh-dc-07/Cerrudo/Presentation/bh-dc-07-Cerrudo-ppt.pdf | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/archive/1/466329/100/200/threaded | 2018-10-16 | |
| http://www.vupen.com/english/advisories/2007/1426 | 2018-10-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 9.0.1.5 Search vendor "Oracle" for product "Database Server" and version "9.0.1.5" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 9.2.0.7 Search vendor "Oracle" for product "Database Server" and version "9.2.0.7" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 10.1.0.4 Search vendor "Oracle" for product "Database Server" and version "10.1.0.4" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|