Key Vulnerability Information

Product: Oracle E-Business Suite
Versions Affected: 11.0; 11i (11.5.1 - 11.5.8)
Platforms: All platforms
Risk Level: High

Description

A buffer overflow exists in the FNDWRR program, which allows an attacker to potentially gain control of the process and execute arbitrary code on the server. This vulnerability can be remotely exploited using a web browser and an overly long URL.

Solution

Oracle has released the following patches to correct this vulnerability:

Version 11.0: Patch 2919943 (All Releases)
Version 11i: Patch 2919943 (11.5.1 - 11.5.8)

Oracle Applications customers should consider this vulnerability high risk and apply the patch during the next maintenance cycle. Customers with Internet-facing application servers should apply the patch immediately. Appropriate testing and backups should be performed before applying any patches.

Additional Information

Integrigy Resources
Oracle Security Alert

Discovery Credit

This vulnerability was discovered by Stephen Kost of Integrigy Corporation.
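
Because the Description states that exploitation arrives as an overly long URL aimed at FNDWRR, web server access logs are the natural place to check for attempts before and after patching. The following is an added example, not part of the original advisory or of any Oracle or Integrigy tooling: it scans NCSA/Apache-style access log lines for over-length request URIs that name FNDWRR. The length threshold, the log format, and the sample log lines (including the placeholder path) are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: a tuning value for "overly long"; the advisory gives no length.
MAX_URI_LEN = 1024

# NCSA common/combined log format, up to and including the status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}) '
)

def decode_fully(uri, rounds=3):
    """Percent-decode repeatedly so single or double encoding cannot hide the name."""
    for _ in range(rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def find_suspect_requests(lines, max_len=MAX_URI_LEN):
    """Return one record per request that names FNDWRR and exceeds max_len."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access log entry
        uri = m.group("uri")
        if "fndwrr" not in decode_fully(uri).lower():
            continue  # request is for some other resource
        if len(uri) > max_len:
            hits.append({"line": lineno, "ip": m.group("ip"), "ts": m.group("ts"),
                         "uri_len": len(uri), "status": m.group("status")})
    return hits

# Constructed sample input: documentation IPs, placeholder path, filler query strings.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:01:02 +0000] "GET /placeholder-cgi/FNDWRR?q=1 HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2000:10:03:44 +0000] "GET /placeholder-cgi/FNDWRR?'
    + "x" * 4000 + ' HTTP/1.0" 500 0',
    '198.51.100.7 - - [01/Jan/2000:10:04:10 +0000] "GET /placeholder-cgi/%46ndwrr?'
    + "x" * 2000 + ' HTTP/1.0" 500 0',
    '203.0.113.5 - - [01/Jan/2000:10:05:00 +0000] "GET /index.html?'
    + "x" * 3000 + ' HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(hit)
```

Set the threshold from the longest legitimate FNDWRR request seen in your own logs, and keep the check in place after patching, since hits still indicate probing.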