Symantec Security Response reports that David Litchfield has illustrated multiple vulnerabilities in the Oracle 9i XML Database (XDB).
"Ultimately exploitation of these issues may provide for remote execution of arbitrary code in the security context of the vulnerable service."
Systems affected include the:
Oracle Oracle9i Enterprise Edition 9.2 .0.1
Oracle Oracle9i Personal Edition 9.2 .0.1
Oracle Oracle9i Standard Edition 9.2 .0.1
The alert can be found at http://securityresponse.symantec.com/avcenter/security/Content/8375.html