CVE-2007-4467

Oracle JInitiator <= 1.1.8.25 - Remote Code Execution via Initialization Parameters

Title source: llm
STIX 2.1

Description

Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected.

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36310
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1018618
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3007
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26644
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/474433
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37711
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25473
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/479186/100/100/threaded

Scores

EPSS 0.2107
EPSS Percentile 97.3%

Details

CWE
CWE-20
Status published
Products (5)
oracle/jinitiator 1.1.5
oracle/jinitiator 1.1.7
oracle/jinitiator 1.1.8.3
oracle/jinitiator 1.1.8.16
oracle/jinitiator 1.1.8.25
Published Aug 31, 2007
Tracked Since Feb 18, 2026