Intrusion Prevention

Oracle.Data.Quality.DateTimeWrapper.onchange.Untrusted.Deref

Description

This indicates an attack attempt to exploit a Memory Corruption vulnerability in Oracle Data Integrator.
The vulnerability, which is located in the "DateTimeWrapper" ActiveX control, can be exploited through a vulnerable parameter. An attacker can exploit this by tricking an unsuspecting user into visiting a malicious webpage and execute arbitrary codes within the context of the users' browser.

Affected Products

Oracle Oracle Data Profiling and Data Quality for Data Integrator 11.1.1.3.0 and prior

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

CVE References

CVE-2014-2416