IBM Support

Avoiding an Oracle Outside In Content Access security vulnerability with included CorelDraw libraries

Flash (Alert)


A potential security vulnerability exists in the Oracle Outside In Content Access CorelDraw libraries that are provided with OmniFind Enterprise Edition versions 8.5 and 9.1 and IBM Content Analytics versions 2.1 and 2.2.


Avoid the security vulnerability by removing seven imcd*.flt files from the /lib or /bin directories of the OmniFind Enterprise Edition or Content Analytics installation root directory. Removing these files should prevent the security vulnerability without loss of function because OmniFind Enterprise Edition and Content Analytics do not use the CorelDraw functions.

Remove the following files:

  • imcd32.flt
  • imcd42.flt
  • imcd52.flt
  • imcd62.flt
  • imcd72.flt
  • imcd82.flt
  • imcdr2.flt

See the URL links below for more information regarding the security vulnerability.

Related information

US-CERT Vulnerability Note for VU#103425
Secunia Advisory SA45297
National Vulnerability Database summary for CVE-2011-22

Cross reference information
Segment Product Component Platform Version Edition
Enterprise Content Management Content Analytics with Enterprise Search AIX, Linux, Windows 2.1, 2.2 All Editions

Document information

More support for: OmniFind Enterprise Edition

Software version: 8.5, 9.1

Operating system(s): AIX, Linux, Solaris, Windows

Software edition: All Editions

Reference #: 1512725

Modified date: 04 April 2014

Translate this page: