CVE-2007-4467

critical

Description

Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/36310

http://www.vupen.com/english/advisories/2007/3007

http://www.securityfocus.com/bid/25473

http://www.securityfocus.com/archive/1/479186/100/100/threaded

http://www.kb.cert.org/vuls/id/474433

http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf

http://securitytracker.com/id?1018618

http://secunia.com/advisories/26644

http://osvdb.org/37711

Details

Source: MITRE, NVD

Published: 2007-08-31

Updated: 2018-10-15

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical