Vulnerability Description
Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Jinitiator | 1.1.5 |
Related Weaknesses (CWE)
References
- http://osvdb.org/37711
- http://secunia.com/advisories/26644Vendor Advisory
- http://securitytracker.com/id?1018618
- http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator
- http://www.kb.cert.org/vuls/id/474433US Government Resource
- http://www.securityfocus.com/archive/1/479186/100/100/threaded
- http://www.securityfocus.com/bid/25473
- http://www.vupen.com/english/advisories/2007/3007Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36310
- http://osvdb.org/37711
- http://secunia.com/advisories/26644Vendor Advisory
- http://securitytracker.com/id?1018618
- http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator
- http://www.kb.cert.org/vuls/id/474433US Government Resource
- http://www.securityfocus.com/archive/1/479186/100/100/threaded
FAQ
What is CVE-2007-4467?
CVE-2007-4467 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attack...
How severe is CVE-2007-4467?
CVE-2007-4467 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4467?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Jinitiator.