[From Oracle Technology Network
A potential security vulnerability has been discovered in the ORACLE.EXE binary of Oracle9i
Database. A knowledgeable and malicious user can potentially execute arbitrary code by
exploiting a buffer overflow in this binary.
Note that this exploit can manifest only when using a client application that does not place proper
limits on the size of data sent to the server.
Download currently available patches from Oracle Worldwide Support Services web site, Metalink
Alert #51, Rev 1, 11 Feburary 2003
Patches are available on Metalink.
The article continues at