Oracle Job Scheduler Named Pipe Command Execution Vulnerability
Severity: HIGH
DESCRIPTION
An arbitrary command execution vulnerability exists in Oracle Job Scheduler. The Job Scheduler is implemented via the component extjob.exe which listens on a named pipe called "orcljsex" and execute arbitrary commands received over this channel via CreateProcess(). In order to connect to the Named Pipe remotely, SMB access is required.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1007699