CVE-2007-4467

Published Aug 31, 2007

Last updated 6 years ago

Overview

Description: Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected.
Source: cret@cert.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:jinitiator:1.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D77FD81-3F3C-4391-86CE-DA5B3CF28617"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jinitiator:1.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB1DCB76-9BF3-48AA-99F6-D73699E21F7B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jinitiator:1.1.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5619E59D-F680-4AC7-B01F-3D034968B4F5"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jinitiator:1.1.8.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FBDF868-AD1B-4F74-B5A5-6FC15A2C8600"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jinitiator:1.1.8.25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18F49E47-C59D-47CA-92F5-D103BF48797C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References