A directory traversal vulnerability exists in Oracle WebCenter Forms Recognition. The vulnerability is due to insufficient validation of parameters used in the "SaveLayout()" method in the ActiveX control Sssplt30.ocx. This can be exploited to write arbitrary files in the context of the currently logged-on user.

A remote attacker could possibly exploit this vulnerability to achieve arbitrary code execution by enticing a target user to open a crafted web page.

The Vendor, Oracle, has provided an advisory and patches regarding this vulnerability:

http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html

• Oracle WebCenter Forms Recognition 10.1.3.5

• Access vector is NETWORK
• Access complexity is MEDIUM
• Level of authentication required is NONE
• Impact of this vulnerability on data confidentiality is PARTIAL
• Impact of this vulnerability on data integrity is PARTIAL
• Impact of this vulnerability on data availability is PARTIAL

• The exploitability level of this vulnerability is UNPROVEN
• The remediation level of this vulnerability is OFFICIAL FIX
• The report confidence level of this vulnerability is CONFIRMED