CVE-2007-4467
Oracle JInitiator <= 1.1.8.25 - Remote Code Execution via Initialization Parameters
Title source: llmDescription
Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected.
References (9)
Core 9
Core References
Various Sources x_refsource_misc
http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36310
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1018618
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3007
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26644
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/474433
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/37711
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25473
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/479186/100/100/threaded
Scores
EPSS
0.2107
EPSS Percentile
97.3%
Details
CWE
CWE-20
Status
published
Products (5)
oracle/jinitiator
1.1.5
oracle/jinitiator
1.1.7
oracle/jinitiator
1.1.8.3
oracle/jinitiator
1.1.8.16
oracle/jinitiator
1.1.8.25
Published
Aug 31, 2007
Tracked Since
Feb 18, 2026