Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2007-4467
Last Modified 07 Mar 2011 12:00:00
Published 30 Aug 2007 08:17:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4467

Summary

Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected.

Vulnerable Systems

Application

  • Oracle JInitiator 1.1.5

  • Oracle JInitiator 1.1.7

  • Oracle JInitiator 1.1.8.16

  • Oracle JInitiator 1.1.8.25

  • Oracle JInitiator 1.1.8.3


References

CERT-VN - VU#474433

XF - oracle-jinitiator-beans-bo(36310)

VUPEN - ADV-2007-3007

BID - 25473

BUGTRAQ - 20070912 Oracle Jinitiator 1.1.8 Vulnerabilities CVE-2007-4467 - Additional Information

MISC - http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf

SECTRACK - 1018618

SECUNIA - 26644

OSVDB - 37711


Last Updated: 27 May 2016 10:45:52