CVE-2009-3737
Oracle Siebel Option Pack IE ActiveX Control - Remote Code Execution via NewBusObj Method
Title source: llmDescription
The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document.
References (4)
Core 4
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2028
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/66926
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40804
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/174089
Scores
EPSS
0.0395
EPSS Percentile
89.1%
Details
CWE
CWE-94
Status
published
Products (1)
oracle/siebel_option_pack_ie_activex_control
Published
Aug 17, 2010
Tracked Since
Feb 18, 2026