Oracle AutoVue Office Desktop API Issue (July 6, 2012)


Oracle’s AutoVue solutions are designed to meet all of an organization’s document visualization requirements. They can serve as the window for visualization across all enterprise applications and can even meet the basic viewing needs of individual desktops. AutoVue includes tools for Electronic Design Automation (EDA), a category of software tools for designing electronic systems such as printed circuit boards (PCB) and integrated circuits.

Oracle’s AutoVue solutions have multiple products, including but not limited to AutoVue 3D Professional Advanced, AutoVue Office, AutoVue Integrations, AutoVue EDA Professional etc. Oracle’s AutoVue Office delivers native document viewing and digital annotation capabilities for Microsoft Office, portable document format (PDF), and graphic document types. Users can view, print, review, and collaborate on hundreds of digital documents without requiring the authoring applications that were used to create them.

A critical vulnerability has been found in Oracle’s AutoVue Office product. The vulnerability can be exploited over the ‘HTTP’ protocol, and it allows remote attackers to affect confidentiality, integrity, and availability, related to Desktop API. It affects the Oracle AutoVue version 20.0.2.

Dell SonicWALL UTM team has researched this vulnerability and will release the following IPS signature to detect it.

  • 8107 Oracle AutoVue Office Desktop API Component Issue

The following generic IPS signatures can also provide protection addressing this issue.

  • 3756 HTTP Client Shellcode Exploit 19a
  • 4095 Client Application Shellcode Exploit 7
  • 4297 Client Application Shellcode Exploit 1
  • 6395 Client Application Shellcode Exploit 23

This vulnerability has been referred by CVE as CVE-2012-0549.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.