Vendor: orakill.exe
By: hyp3rlinx
CVSS: 7.5 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: orakill.exe
Affected Version From: 11.2.2000
Affected Version To: 11.2.2000
Patch Exists: YES
Related CWE:
CPE: oracle:orakill
Platforms Tested: Windows
2016
Oracle orakill.exe Buffer Overflow
A ToLower() filter is applied to supplied arguments, e.g. 'A' (0x41) becomes 'a' (0x61), and so on. It may be possible to subvert this filter using an encoder technique like 'ALPHA3'. Also, we need to supply a second argument of just 4 bytes to trigger the access violation.
Mitigation:
Apply the security patch provided by Oracle.