Oracle Job Scheduler Named Pipe Command Execution Vulnerability
Publish Date: 13 juillet 2016
Gravité: : Élevé
Description
An arbitrary command execution vulnerability exists in Oracle Job Scheduler. The Job Scheduler is implemented via the component extjob.exe which listens on a named pipe called "orcljsex" and execute arbitrary commands received over this channel via CreateProcess(). In order to connect to the Named Pipe remotely, SMB access is required.
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1007699