McAfee Labs Security Advisory: MTIS10-008

Version 1

    Executive Summary
    Since the last McAfee® Labs Security Advisory (January 14), the following noteworthy events have taken place:

    • Oracle      has released an update to address the following vulnerabilities:
      • Oracle Oracle Application Server 7.0.4.3 and 10.1.4.2       Access Manager Identity Server Component Remote Code Execution       Vulnerability
      • Oracle Application Server 10.1.2.3 and 10.1.3.4 Oracle       Containers for J2EE Component Remote Code Execution Vulnerability
      • Oracle Containers for J2EE Component in Oracle       Application Server 10.1.2.3 and 10.1.3.4 Remote Code Execution       Vulnerability
      • Oracle CRM Technical Foundation (mobile) Component in       Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 Remote Code       Execution Vulnerability
      • Oracle Oracle HRMS (Self Service) Component in Oracle       E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 Remote Code Execution       Vulnerability
      • Oracle Application Object Library Component in Oracle       E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 Remote Code Execution       Vulnerability
      • Oracle Database Listener Component Potential       Information Disclosure Vulnerability
      • Oracle Database Oracle OLAP Component Vulnerability
      • Oracle Database 3.2.1.00.10 Application Express       Application Builder Vulnerability
      • Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4,       10.1.0.5, 9.2.0.8, and 9.2.0.8DV Data Pump Component Vulnerability
      • Oracle Oracle Secure Backup 10.2.0.3 Secure Backup       Component Remote Code Execution Vulnerability


    • McAfee product coverage has been updated for several vulnerabilities in Adobe products.