Oracle Job Scheduler Named Pipe Command Execution Vulnerability
Publish Date: 13 Juli 2016
Schweregrad:: Hoch
Beschreibung
An arbitrary command execution vulnerability exists in Oracle Job Scheduler. The Job Scheduler is implemented via the component extjob.exe which listens on a named pipe called "orcljsex" and execute arbitrary commands received over this channel via CreateProcess(). In order to connect to the Named Pipe remotely, SMB access is required.
Trend Micro Lösungen
Apply associated Trend Micro DPI Rules.
Lösungen
Trend Micro Deep Security DPI Rule Number: 1007699