Oracle Prerelease Info, Tivoli Bof

There’s a vulnerability in Oracle Siebel SimBuilder that could allow for remote system compromise. This vulnerability is related to a vulnerability in NCTAudioFile2.dll. The vulnerability affects version version 7.8.5 build 2635. Other version have not been tested so they may be vulnerable as well. Users should disable the affected ActiveX control. If you are affected by this and would like more information please feel free to contact us.
Tivoli Storage Manager Express is vulnerable to a heap based buffer overflow. This can be exploited by a malicious user on the network to cause code execution under the SYSTEM user. Versions of the software prior to 5.3.7.3 are affected. Administrators of this software should apply the updates available at ftp://service.boulder.ibm.com/storage/tivoli-storage-management/patches/express/NT/5.3.7.3/
Also, Oracle will be releasing critical patch updates Tuesday, January 15th. Several critical vulnerabilities in database software and application servers are expected to be announced. We will provide more details as they are made available.

Leave a Reply