'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:333209)

Rule General Information
Release Date: 2021-03-26
Rule Name: Oracle Data Control ORADC ActiveX Control Remote Code Execution Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: There exists a remote code execution vulnerability in the Oracle ORADC ActiveX control. The vulnerability is caused due to improper validation of the state before performing specific operations of the the vulnerable ActvieX control name ORADC.ORADCCtrl. A remote attacker may leverage the vulnerability to to inject and execute arbitrary code in the security context of the currently logged user. In an attack case where code injection is not successful, the browser by which the ActiveX control is instantiated will terminate abnormally. In a more sophisticated attack where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the currently logged in user.
Impact: An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to update the software patch.