Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Oracle 10g - emagent.exe Stack-Based Overflow
From: "SPI Labs" <Spi.Labs () spidynamics com>
Date: Wed, 19 Oct 2005 21:47:49 -0400

Oracle 10g - emagent.exe Stack-Based Overflow

Release Date: October 18, 2005
Severity: Critical

Systems Affected
For a complete list of products and components affected, please visit

A vulnerability has been discovered in Oracle Application Server 10g
(10.1.2) on Windows 2000 Server
and others (see list above).  If exploited, this can result in
user-specified code being executed under
the security context of the Oracleoracleas1ASControl service - \\NT
Authority\SYSTEM by default.

The issue can be resolved by applying the patches provided by October
2005 Oracle Critical Patch Update
available from

Vendor Information
Oracle was contacted on March 7, 2005. For more information about this
advisory please visit Oracle
Critical Patch Update page

Contact Information
spilabs () spidynamics com
SPI Dynamics, Inc.
115 Perimeter Center Place N.E.
suite 1100
Atlanta, GA. 30346
Toll-Free Phone: (866) 774-2700

SPI Dynamics was founded in 2000 by a team of accomplished Web security
specialists; SPI Dynamics is the leader in Web application security
technology. With such signature products as WebInspect, SPI Dynamics is
dedicated to protecting companies' most valuable assets. SPI Dynamics
has created a new breed of Internet security products for the Web
application, the most vulnerable yet least secure component of online
business infrastructure.

Copyright (c) 2005 SPI Dynamics, Inc. All rights reserved worldwide.
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Oracle 10g - emagent.exe Stack-Based Overflow SPI Labs (Oct 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]