Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

RULE（RULE ID：332867）

Rule General Information


Release Date:		2021-03-26

Rule Name:		Oracle AutoVue AutoVueX ActiveX Control Export3DBom Remote Code Execution Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		An insecure method is exposed by Oracle AutoVue. The vulnerability is due to the AUTOVUEX.AutoVueXCtrl (AutoVueX.ocx) ActiveX control including the insecure "ExportEdaBom()" method. This can be exploited to write arbitrary files in the context of the currently logged-on user. A remote attacker could possibly exploit this vulnerability to achieve arbitrary code execution by enticing a target user to open a crafted web page.

Impact:		An attacker could exploit this vulnerability to have unspecified effect.

Affected OS:		Windows

Reference:

Solutions

Please contact the software vendor to update the software patch.