|Date: (C)2007-11-08 (M)2016-04-05|
|CVSS Score: 8.5||Access Vector: NETWORK|
|Exploitability Subscore: 6.8||Access Complexity: MEDIUM|
|Impact Subscore: 10.0||Authentication: SINGLE_INSTANCE|
| ||Confidentiality: COMPLETE|
| ||Integrity: COMPLETE|
| ||Availability: COMPLETE|
Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 22.214.171.124, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515, CVE-2007-5509, or CVE-2007-5505, but there are insufficient details to be sure.