Avira closes new "Oracle Outside In" vulnerability in Avira AntiVir Exchange 9.2

info-symbol
Oracle closed recently new security holes in their “Oracle Outside In” library. The changes affect the Avira AntiVir Exchange 9.2 since the product is using as well the same library. Avira has already solved this problem and provides herewith a new patch. We recommend to install this patch as soon as possible to close the existing security hole.

grey-line
Note
The prerequisite for the installation of this patch is to run the most current Exchange version 9.2.3.2072. Installing this patch on older Exchange versions may lead to malfunction or destroy the product. (The functionality of the product can be restored only through a repair installation)

To check your Exchange version, start the AntiVir Exchange Management Console and open the menu “AntiVir Monitor”. Open the properties of the server in the following window in order to check the version information.
grey-line


settings-icon
To install the patch please proceed as follows:

  1. Stop the “AntiVir” Exchange services (Control service and normal service).

    Note
    As long as the services are stopped Emails may pass through unchecked.


  2. Save and unzip the zip archive to "AntiVir-InstallDir"\Bin\Oit and overwrite the existing file.

    Download Oracle OIT 8.3.7 Patch Januar 2013.zip


  3. Restart again the previous “AntiVir” Exchange services.

Customers of Avira Small Business Security Suite and Avira Business Security Suite


To close the security hole simply follow the steps mentioned above. There is no need to reinstall the complete product. By following the steps above only the installation of the package within Avira AntiVir Exchange will be updated.

grey-line
Note
A reinstallation of the complete package of Avira Small Business Security or Avira Business Security will not fix the existing security hole. A subsequently installation of the patch ist still necessary.
grey-line


For more technical information, see the following URLs:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0393
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0418

Affected products

  • Avira Exchange Security [Windows]
  • Created : Wednesday, February 27, 2013
  • Last updated: Tuesday, August 22, 2017
  • Rate this article
Was this helpful?