>
>>The recent Oracle exploit posted to Bugtraq
>>(http://www.securityfocus.com/archive/1/431353) is actually an 0day
>>and has no patch.
>
> The referenced exploit seems to use GET_DOMAIN_INDEX_METADATA with a
> TYPE_NAME that references an attacker-defined package with a
> (modified?) ODCIIndexGet...
>>The recent Oracle exploit posted to Bugtraq
>>(http://www.securityfocus.com/archive/1/431353) is actually an 0day
>>and has no patch.
>
> The referenced exploit seems to use GET_DOMAIN_INDEX_METADATA with a
> TYPE_NAME that references an attacker-defined package with a
> (modified?) ODCIIndexGet...
[ more ]