Buffer overflow in Oracle Hyperion_strategic_finance

CVE-2011-5167

Heap-based buffer overflow in the SetDevNames method of the Tidestone Formula One ActiveX control (TTF16.ocx) 6.3.5 Build 1 in Oracle Hyperion Strategic Finance 12.x and possibly earlier allows remote attackers to execute arbitrary code vi…

Vulnerability class: Buffer Overflow

EPSS: 0.564 (98.2th percentile) — read the EPSS interpretation.

Affected products

Oracle Hyperion_strategic_finance — versions 11.1.2.1.0
Tidestone Formula_one_activex_control — versions 6.3.5.1
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

18092 (Exploit, exploit, x_refsource_EXPLOIT-DB)
50565 (vdb-entry, x_refsource_BID)
76913 (x_refsource_OSVDB, vdb-entry)
oracle-hyperion-activex-bo(71163) (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)
46764 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)