NVD Vulnerability Detail

CVE-2007-2110

Summary	Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Access Control List (DACL) for the Oracle process and certain shared memory sections, which allows local users to inject threads and execute arbitrary code via the OpenProcess, OpenThread, and SetThreadContext functions (DB03).
Summary	Vulnerabilidad no especificada en el componente Core RDBMS para Oracle Database 9.0.1.5+, 9.2.0.7 y 10.1.0.4 sobre sistemas Windows tiene impacto y vectores de ataque no especificados, también conocida como DB03. NOTA: a partir de 20070424, Oracle no ha disputado alegaciones confiables sobre que DB03 ocurre debido a que RDBMS utiliza una NULL Discretionary Access Control List (DACL) para el proceso Oracle y determinadas secciones de memoria compartida, lo que permite a usuarios locales inyectar hilos y ejecutar código arbitrario a través de las funciones OpenProcess, OpenThread y SetThreadContext (DB03).
Publication Date	April 19, 2007, 3:19 a.m.
Registration Date	Jan. 29, 2021, 2:11 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : MEDIUM
Score	4.4
Vector	AV:L/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:oracle:database_server:9.0.1.5:::::::*
cpe:2.3:a:oracle:database_server:9.2.0.7:::::::*
cpe:2.3:a:oracle:database_server:10.1.0.4:::::::*

Configuration2		or higher	or less	more than	less than

Related information, measures and tools

No	URL	refsource
1	http://www.freelists.org/archives/oracle-l/12-2006/msg00004.html	cve@mitre.org
2	http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf	cve@mitre.org
3	http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf	cve@mitre.org
4	http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html	cve@mitre.org
5	http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html	cve@mitre.org
6	http://www.securityfocus.com/archive/1/466329/100/200/threaded	cve@mitre.org
7	http://www.securityfocus.com/bid/23532	cve@mitre.org
8	http://www.securitytracker.com/id?1017927	cve@mitre.org
9	http://www.us-cert.gov/cas/techalerts/TA07-108A.html	cve@mitre.org
10	http://www.vupen.com/english/advisories/2007/1426	cve@mitre.org
11	https://www.blackhat.com/presentations/bh-dc-07/Cerrudo/Presentation/bh-dc-07-Cerrudo-ppt.pdf	cve@mitre.org
12	http://www.freelists.org/archives/oracle-l/12-2006/msg00004.html	af854a3a-2127-422b-91ae-364da2661108
13	http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf	af854a3a-2127-422b-91ae-364da2661108
14	http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf	af854a3a-2127-422b-91ae-364da2661108
15	http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html	af854a3a-2127-422b-91ae-364da2661108
16	http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html	af854a3a-2127-422b-91ae-364da2661108
17	http://www.securityfocus.com/archive/1/466329/100/200/threaded	af854a3a-2127-422b-91ae-364da2661108
18	http://www.securityfocus.com/bid/23532	af854a3a-2127-422b-91ae-364da2661108
19	http://www.securitytracker.com/id?1017927	af854a3a-2127-422b-91ae-364da2661108
20	http://www.us-cert.gov/cas/techalerts/TA07-108A.html	af854a3a-2127-422b-91ae-364da2661108
21	http://www.vupen.com/english/advisories/2007/1426	af854a3a-2127-422b-91ae-364da2661108
22	https://www.blackhat.com/presentations/bh-dc-07/Cerrudo/Presentation/bh-dc-07-Cerrudo-ppt.pdf	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List