Database giant Oracle warned of a flaw in its XML software that could open a door for denial-of-service attacks. In an alert posted Monday, Oracle said the flaw affects companies using the XML Database (XDB) component for the company's Oracle 9i software. XDB stores data based on Extensible Markup Language (XML), the growing standard for delivering Web services and uniting back-end software.
A hacker could exploit a buffer overflow hole in XDB to launch a denial-of-service attack or capture data, according to the alert. Oracle said the flaw was most likely to be exploited in an insider attack launched over a corporate network. Customers were advised to apply the appropriate patch, as detailed in the alert.