Reported February 17, 2003, by NGSSoftware.
Oracle9i Database Releases 1 and 2
Oracle 8i Database 8i, 8.1.7, 8.0.6
A vulnerability in Oracle’s Database Server can result in remote compromise of the vulnerable server. This vulnerability stems from a remotely exploitable buffer-overflow flaw in the TO_TIMESTAMP_TZ function. By supplying a long character string, an attacker can overwrite a saved return address on the stack of Oracle processes. For more details about this vulnerability, see the discoverer’s web site.
Discovered by NGSSoftware.
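The advisory ties the overflow to a long character string passed to TO_TIMESTAMP_TZ, so captured SQL text can be screened for that pattern. The following is an added detection sketch, not code from Oracle or NGSSoftware; the function names, the sample statements and the 256-character threshold are assumptions, since the advisory states no length.

```python
import re

# Assumption: the advisory gives no length, so this threshold is a tunable guess.
MAX_LITERAL_LEN = 256
CALL = re.compile(r"\bTO_TIMESTAMP_TZ\s*\(", re.IGNORECASE)


def literals_in_call(sql, start):
    """Return the string literals inside the call whose '(' ends just before `start`."""
    depth, i, literals = 1, start, []
    while i < len(sql) and depth > 0:
        ch = sql[i]
        if ch == "'":
            # Oracle string literal; a doubled quote ('') is an escaped quote.
            j, buf = i + 1, []
            while j < len(sql):
                if sql[j] == "'":
                    if sql[j + 1:j + 2] == "'":
                        buf.append("'")
                        j += 2
                        continue
                    break
                buf.append(sql[j])
                j += 1
            literals.append("".join(buf))
            i = j + 1
            continue
        if ch == "(":
            depth += 1  # nested call such as UPPER(...) inside the argument list
        elif ch == ")":
            depth -= 1
        i += 1
    return literals


def suspicious_calls(sql, limit=MAX_LITERAL_LEN):
    """Lengths of over-long literals passed to TO_TIMESTAMP_TZ in one statement."""
    hits = []
    for m in CALL.finditer(sql):
        hits += [len(s) for s in literals_in_call(sql, m.end()) if len(s) > limit]
    return hits


# Constructed sample statements, not taken from any real log.
SAMPLES = [
    "SELECT TO_TIMESTAMP_TZ('2003-02-17 10:00:00 -08:00', 'YYYY-MM-DD HH24:MI:SS TZH:TZM') FROM dual",
    "select to_timestamp_tz ('" + "A" * 4000 + "', 'YYYY') from dual",
    "SELECT TO_TIMESTAMP_TZ(UPPER('" + "a" * 300 + "'), 'YYYY') FROM dual",
]
```

This check only sees string literals in the statement text; arguments supplied through bind variables or built by expressions are not measured.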