Oracle.AutoVue.ActiveX.Control.Remote.File.Creation
Description
This indicates an attack attempt to exploit a remote file creation vulnerability in Oracle AutoVue.
The vulnerability is located in the "AUTOVUEX.AutoVueXCtrl" ActiveX control through miss-use of "Control" property. It may allow remote attackers to write arbitrary files in the context when they are logging in the system. A remote attacker could exploit this vulnerability to execute arbitrary code via a crafted web page.
Affected Products
Oracle AutoVue 20.0.1
Impact
System Compromise: Remote attackers can create or overwrite arbitrary files in the context
Recommended Actions
Disable this ActiveX Control by setting its kill bit
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |