TeamSHATTER researchers, Esteban Martinez Fayo and Martin Rakhmanov, from Application Security, Inc. are credited by Oracle for finding 3 of 6 vulnerabilities in Oracle’s January Critical Patch Update (CPU). Vulnerabilities found included CVE-2010-4420 and CVE-2010-4421, part of Oracle’s Database Vault component and CVE-2010-4423 from the Cluster Verify Utility component. Worthy to note is that CVE-2010-4423 affects Oracle on Microsoft Windows and allows for complete takeover of the database server and host during installation, setup modification or upgrade.