CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-1442

Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 72.5%

CVSS Severity

CVSS v2 Score 7.2

References

http://argeniss.com/research/10MinSecAudit.zip
http://osvdb.org/33979
http://secunia.com/advisories/24475
http://www.securityfocus.com/bid/22905
http://argeniss.com/research/10MinSecAudit.zip
http://osvdb.org/33979
http://secunia.com/advisories/24475
http://www.securityfocus.com/bid/22905

Products affected by CVE-2007-1442

Oracle » Database Server » Version: 10.2.1

cpe:2.3:a:oracle:database_server:10.2.1
Oracle » Database Server » Version: 10.2.2

cpe:2.3:a:oracle:database_server:10.2.2
Oracle » Database Server » Version: 10.2.3

cpe:2.3:a:oracle:database_server:10.2.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-1442

Products

Pricing

Contact Us