
SANS ISC InfoSec Handlers Diary Blog



Update for CVE-2012-3132

Published: 2012-09-23
Last Updated: 2012-09-23 15:33:58 UTC
by Tony Carothers (Version: 1)
1 comment(s)

In July of this year Oracle sent a vulnerability notification to its users for the Oracle Security Alert CVE-2012-3132. At the time the security bulletin was published, it was noted that this vulnerability was not remotely exploitable. The remote capabilities, or lack thereof, of this vulnerability were called into question in a very interesting write-up on the Kaspersky Labs Security News Service. Many organizations I have worked with would initially deem this a very low risk, due to the lack of remote capabilities, so it may be time for a reassessment of the risk.

I am not on the Oracle Security newsfeeds, so if anybody has a notification from Oracle that they are permitted to share, we would love to help get the word out.

 

tony d0t carothers - gmail

Keywords: CVE20123132 oracle