Cisco Systems, Inc. Information for VU#103425

Oracle Outside In CorelDRAW file parser stack buffer overflow

Status

Affected

Vendor Statement

Cisco Security Agent is affected by vulnerabilities that could allow an
unauthenticated attacker to perform remote code execution on the affected
device. These vulnerabilities are in a third-party library (Oracle Outside In)
and are documented in CERT-CC Vulnerability Note VU#520721 at
http://www.kb.cert.org/vuls/id/520721

Cisco has released free software updates that address these vulnerabilities.

No workaround is available to mitigate these vulnerabilities.

This advisory is posted at
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa

Addendum

Cisco Security Agent uses Oracle Outside In to provide Data Loss Prevention (DLP) functionality. Although the Cisco update only refers to VU#520721, it includes the updated CorelDRAW parser as well.
