Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1774

4 documents4 sources

Severity

7.2HIGH

EPSS

7.7%

top 8.10%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Application Server Oracle Oracle10g

Timeline

PublishedAug 31

Latest updateApr 29

Description

Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDoracle/oracle10genterprise_10.1.0.2, personal_10.1.0.2, standard_10.1.0.2+2

▶NVDoracle/application_server10.1.0.2

Patches

Patch: www.securiteam.com ↗Patch: www.securiteam.com ↗

🔴Vulnerability Details

GHSA

GHSA-hfx8-3wrm-cvm8: Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS↗2022-04-29

▶

CVEList

CVE-2004-1774: Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS↗2005-04-19

▶

💥Exploits & PoCs

Exploit-DB

Oracle Database 10.1 - MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow↗2005-04-13

▶