Oracle JInitiator ActiveX Control Multiple Buffer Overflow Vulnerabilities
BID:25473
Info
Oracle JInitiator ActiveX Control Multiple Buffer Overflow Vulnerabilities
| Bugtraq ID: | 25473 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-4467 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 28 2007 12:00AM |
| Updated: | Sep 12 2007 05:21PM |
| Credit: | Will Dormann of the CERT/CC is credited with discovering these issues. |
| Vulnerable: |
Oracle JInitiator 1.1.8 .16 |
| Not Vulnerable: | |
Discussion
Oracle JInitiator ActiveX Control Multiple Buffer Overflow Vulnerabilities
Oracle JInitiator is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
Exploiting these issues allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.
These issues affect Oracle JInitiator 1.1.8.16; other versions may also be affected.
Oracle JInitiator is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
Exploiting these issues allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.
These issues affect Oracle JInitiator 1.1.8.16; other versions may also be affected.
Exploit / POC
Oracle JInitiator ActiveX Control Multiple Buffer Overflow Vulnerabilities
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Oracle JInitiator ActiveX Control Multiple Buffer Overflow Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Oracle JInitiator ActiveX Control Multiple Buffer Overflow Vulnerabilities
References:
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Oracle Jinitiator 1.1.8 Buffer Overflow Vulnerability Analysis (Integrigy)
- Oracle Jinitiator 1.1.8 Buffer Overflow Vulnerability Analysis (Integrigy)
- Oracle JInitiator Download Page (Oracle)
- Oracle Jinitiator 1.1.8 Vulnerabilities CVE-2007-4467 - Additional Information (Integrigy Alerts)
- Vulnerability Note VU#474433 (US-CERT)