MarkLogic Corporation Information for VU#520721
Oracle Outside In contains exploitable vulnerabilities in Lotus 123 and Microsoft CAB file parsers
- Vendor Information Help Date Notified: 08 Aug 2011
- Statement Date:
- Date Updated: 26 Aug 2011
MarkLogic Corporation acknowledges CERT Vulnerability Notes VU#103425 and
VU#520721 and confirms that an affected version of Oracle Outside In is bundled
and shipped with MarkLogic Server versions 4.0, 4.1 and 4.2. Outside In file
conversion is a keyed option in MarkLogic Server. The Outside In converters
cannot be accessed from within the MarkLogic Server programming environment
without an installed license key that enables the Outside In conversion
option. The Outside In conversion option for MarkLogic Server has not been
advertised and circulation is highly restricted. Therefore, the security risk
imposed by the bundled Outside In utility on the MarkLogic user community is
Regardless, the affected Outside In libraries have been removed from MarkLogic
Server 4.1 (4.1-11) and 4.2 (4.2-6) and will be absent in all future
maintenance releases for those codelines. Further, Outside In will be removed
entirely from upcoming MarkLogic Server version 5.0.
We are not aware of further vendor information regarding this vulnerability.
If you have feedback, comments, or additional information about this vulnerability, please send us email.