• On TV.com: TOP 10 Shows CANCELED Too Soon
August 29, 2007 8:03 AM PDT

Oracle JInitiator security flaw discovered

by Dawn Kawamoto
  • Font size
  • Print
  • Post a comment

Security researchers have found a "highly critical" security flaw in Oracle's JInitiator ActiveX control, which allows users to run Oracle Developer Server applications in a Web browser, according to a report by the United States Computer Emergency Readiness Team (US-CERT).

According to the folks at US-CERT, the vulnerabilities appear to be in JInitiator 1.1.8.16 and earlier versions of the software. The security flaws could allow an attacker to gain remote control of a user's system and execute arbitrary code.

A malicious attacker may be able to exploit the vulnerabilities within the Oracle JInitiator "beans.ocx" Active X control, when it handles certain initialization parameters that aren't specified, according to a posting by security research firm Secunia.

That, as a result, could lead to a stack-based buffer overflow, after a user is tricked into visiting a malicious Web site.

Dawn Kawamoto covers enterprise security and financial news relating to technology for CNET News. E-mail Dawn.
Topics:

Security

Tags:

Oracle,

JInitiator

Share:
Digg
Del.icio.us
Reddit
Recent posts from News Blog
Nvidia puts NForce chipset development on hold
Opera 10 browser is here
Neil Young Archives Blu-ray: Rip off?
Acronis revises survey results about backup habits
Acronis miscalculates data on users' bad backup habits
Flickr co-founder presses beta button
Comcast, Sony open retail store
Cox to try coaxing the Internet into submission
Related
Critical Windows 7 holes fixed in record Patch Tuesday
Zero-day flaw found in Web encryption
EC formally objects to Oracle buying Sun
IOBit 360 refreshed for Windows 7
MySQL co-founder: Oracle should sell it
When open source isn't (open enough)
Amazon's move mocks EU's fear of Oracle
EU's MySQL inquiry may backfire for open source
advertisement

Graphics showdown: 13 games for newer iPhones

So you've got an old iPhone or iPod and want to see what some of the latest games are doing with the newer hardware? We've checked out 11 titles to show you the differences.
• Images: Old vs. new

Intel to pay AMD $1.25B in settlement

Antitrust and intellectual property fights come to an end for now. AMD will drop all pending litigation, and Intel will "abide by" a long list of prohibitions.
• AMD: Our claims are 'ratified'

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET