Multiple vulnerabilities have been reported in Oracle Outside In Technology, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

1) An unspecified error in the Outside In Filters component can be exploited via a specially crafted VSD file.

2) An unspecified error in the Outside In Filters component can be exploited via a specially crafted WSD file.

3) An unspecified error in the Outside In Filters component can be exploited via a specially crafted DOC file.

4) An error in the JP2 stream filter (vsjp2.dll) when copying the Quantization Default (QCD) marker segment can be exploited to cause a heap-based buffer overflow via a specially crafted JPEG2000 (JP2) file.

5) An error in the LWPAPIN.DLL module when processing Lotus WordPro documents can be exploited to cause a stack-based buffer overflow via a specially crafted file.

6) An unspecified error in the Outside In Filters component can be exploited via a specially crafted SXD file.

7) An unspecified error in the Outside In Filters component can be exploited via a specially crafted PCX file.

8) An unspecified error in the Outside In Filters component can be exploited via a specially crafted SXI file.

9) An unspecified error in the Outside In Filters component can be exploited via a specially crafted DPT file.

10) An unspecified error in the Outside In Filters component can be exploited via a specially crafted PDF file.

11) An unspecified error in the Outside In Filters component can be exploited via a specially crafted SAM file.

12) An unspecified error in the Outside In Filters component can be exploited via a specially crafted ODG file.

13) An unspecified error in the Outside In Filters component can be exploited via a specially crafted CDR file.

14) An error in the FPX graphic import filter (ibfpx2.flt) when processing FPX images can be exploited to cause a heap-based buffer overflow via a specially crafted file.

Successful exploitation of these vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in versions 8.3.5 and 8.3.7.

Solution
Apply updates (please see the vendor's advisory for details).

Provided and/or discovered by
1 - 13) Will Dormann, CERT/CC.
4, 5, 14) Francis Provencher via Secunia.

Changelog
Further details available to Secunia VIM customers

Original Advisory
Oracle:
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html#AppendixFMW

US-CERT (VU#118913):
http://www.kb.cert.org/vuls/id/118913

Francis Provencher:
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=57&Itemid=57
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=58&Itemid=58
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=59&Itemid=59

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers