Oracle Fusion Middleware is prone to an overflow condition. The 'Server' subcomponent in the 'GoldenGate Veridata' component fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted an overly long XML soap request, a remote attacker can potentially execute arbitrary code.

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch to address this vulnerability.

• Security Tracker: 1024981
• CVE ID: 2010-4416 (see also: NVD)
• Secunia Advisory ID: 42979
• Bugtraq ID: 45868
• VUPEN Advisory: ADV-2011-0143
• News Article: http://www.computerworld.com/s/article/9205121/Oracle_plans_to_release_66_patches_on_Tuesday
• Vendor Specific News/Changelog Entry: http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
• Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-11-019/

• Andrea Micalizzi aka rgod - Zero Day Initiative (ZDI)