CVE-2007-4467

Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected.

Published: Aug 31, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-4467
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
oracle / jinitiator	1.1.8.16	1.1.8.16.x
oracle / jinitiator	1.1.5	1.1.5.x
oracle / jinitiator	1.1.8.3	1.1.8.3.x
oracle / jinitiator	1.1.8.25	1.1.8.25.x
oracle / jinitiator	1.1.7	1.1.7.x

http://osvdb.org/37711
http://secunia.com/advisories/26644
http://securitytracker.com/id?1018618
http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf
http://www.kb.cert.org/vuls/id/474433
http://www.securityfocus.com/archive/1/479186/100/100/threaded
http://www.securityfocus.com/bid/25473
http://www.vupen.com/english/advisories/2007/3007
https://exchange.xforce.ibmcloud.com/vulnerabilities/36310

Vulnerability Database

CVE-2007-4467