Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Re: Recent Oracle exploit is _actually_ an 0day with no patch
Apr 28 2006 01:24AM
David Litchfield (davidl ngssoftware com)
>>The recent Oracle exploit posted to Bugtraq
>>(http://www.securityfocus.com/archive/1/431353) is actually an 0day
>>and has no patch.
> The referenced exploit seems to use GET_DOMAIN_INDEX_METADATA with a
> TYPE_NAME that references an attacker-defined package with a
> (modified?) ODCIIndexGet...
[ more ]
Copyright 2010, SecurityFocus