Oracle Database Server Permissions Privileges and Access Controls Vulnerability - CVE-2012-1675

The TNS Listener as used in Oracle Database 11g 11.1.0.7 11.2.0.2 and 11.2.0.3 and 10g 10.2.0.3 10.2.0.4 and 10.2.0.5 as used in Oracle Fusion Middleware Enterprise Manager E-Business Suite and possibly other products allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists then conducting a man-in-the-middle (MITM) attack to hijack database connections aka quotTNS Poison.quot