CVE-2007-4467: Input Validation
First published: Fri Aug 31 2007(Updated: )
Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle JInitiator | =1.1.8.16 | |
| Oracle JInitiator | =1.1.5 | |
| Oracle JInitiator | =1.1.8.3 | |
| Oracle JInitiator | =1.1.8.25 | |
| Oracle JInitiator | =1.1.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/474433
- http://www.securityfocus.com/bid/25473
- http://securitytracker.com/id?1018618
- http://secunia.com/advisories/26644
- http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf
- http://osvdb.org/37711
- http://www.vupen.com/english/advisories/2007/3007
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36310
- http://www.securityfocus.com/archive/1/479186/100/100/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/oracle
- canonical/oracle jinitiator
- version/oracle jinitiator/1.1.8.16
- version/oracle jinitiator/1.1.5
- version/oracle jinitiator/1.1.8.3
- version/oracle jinitiator/1.1.8.25
- version/oracle jinitiator/1.1.7