Vulnerability Description
The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Siebel Option Pack Ie Activex Control | All versions |
| Microsoft | Internet Explorer | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/40804Vendor Advisory
- http://www.kb.cert.org/vuls/id/174089US Government Resource
- http://www.osvdb.org/66926
- http://www.vupen.com/english/advisories/2010/2028Vendor Advisory
- http://secunia.com/advisories/40804Vendor Advisory
- http://www.kb.cert.org/vuls/id/174089US Government Resource
- http://www.osvdb.org/66926
- http://www.vupen.com/english/advisories/2010/2028Vendor Advisory
FAQ
What is CVE-2009-3737?
CVE-2009-3737 is a vulnerability with a CVSS score of 9.3 (HIGH). The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTM...
How severe is CVE-2009-3737?
CVE-2009-3737 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3737?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Siebel Option Pack Ie Activex Control, Microsoft Internet Explorer.