The bfilename() function suffers from a remotely exploitable buffer overrun when an overly long DIRECTORY parameter is supplied. Before this issue can be exploited an attacker must be able to log on to the database server with a valid user ID and password. However, as the bfilename() function can be executed by PUBLIC by default, any user of the system can gain control.
All platforms are affected.
For Oracle's patch, click here.