This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit file overwrite in Oracle AutoVue
Oracle AutoVue is a suite of visualization applications.
Oracle AutoVue 'AutoVueX.ocx' ActiveX control is prone to a vulnerability caused by an insecure method. The issue occurs because the application fails to handle user-supplied input to the 'SaveViewStateToFile()' method. The control is identified by CLSID:
Successfully exploiting this issue will allow attackers to create or overwrite arbitrary files on the victim's computer within the context of the affected application (typically Internet Explorer) that uses the ActiveX control.
Oracle AutoVue 20.0.1 is vulnerable; other versions may also be affected.
- Oracle AutoVue 20.0.1 is vulnerable; other versions may also be affected.
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: firstname.lastname@example.org.