CVE-2007-4467

Sažetak

Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected.

Reference

http://osvdb.org/37711
http://secunia.com/advisories/26644
http://securitytracker.com/id?1018618
http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf
http://www.kb.cert.org/vuls/id/474433
http://www.securityfocus.com/archive/1/479186/100/100/threaded
http://www.securityfocus.com/bid/25473
http://www.vupen.com/english/advisories/2007/3007
https://exchange.xforce.ibmcloud.com/vulnerabilities/36310

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

15-10-2018 - 21:35

Objavljeno

31-08-2007 - 00:17