cpe:/a:oracle:database_server cpe:/a:oracle:database_server:9.2.0.1 cpe:/a:oracle:database_server:9.2.0.2 cpe:/a:oracle:database_server:9.2.0.3 cpe:/a:oracle:database_server:9.2.0.4 cpe:/a:oracle:database_server:9.2.0.5 cpe:/a:oracle:database_server:9.2.0.6 cpe:/a:oracle:database_server:10.1.0.2 cpe:/a:oracle:database_server:10.1.0.3 cpe:/a:oracle:database_server:10.1.0.4 CVE-2007-5897 2007-11-08T16:46:00.000-05:00 2012-10-22T22:37:35.320-04:00 8.5 NETWORK MEDIUM SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-11-09T09:29:00.000-05:00 ALLOWS_ADMIN_ACCESS BUGTRAQ 20071029 Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in function MDSYS.SDO_CS.TRANSFORM BID 26243 OSVDB 40081 CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515, CVE-2007-5509, or CVE-2007-5505, but there are insufficient details to be sure.