CVE-2009-3737

Oracle Siebel Option Pack IE ActiveX Control - Remote Code Execution via NewBusObj Method

Title source: llm
STIX 2.1

Description

The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document.

References (4)

Core 4
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2028
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/66926
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40804
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/174089

Scores

EPSS 0.0395
EPSS Percentile 89.1%

Details

CWE
CWE-94
Status published
Products (1)
oracle/siebel_option_pack_ie_activex_control
Published Aug 17, 2010
Tracked Since Feb 18, 2026