>The recent Oracle exploit posted to Bugtraq
>(http://www.securityfocus.com/archive/1/431353) is actually an 0day
>and has no patch.
The referenced exploit seems to use GET_DOMAIN_INDEX_METADATA with a
TYPE_NAME that references an attacker-defined package with a
(modified?) ODCIIndexGetMeta functi...
>The recent Oracle exploit posted to Bugtraq
>(http://www.securityfocus.com/archive/1/431353) is actually an 0day
>and has no patch.
The referenced exploit seems to use GET_DOMAIN_INDEX_METADATA with a
TYPE_NAME that references an attacker-defined package with a
(modified?) ODCIIndexGetMeta functi...
[ more ]