JInitiator posts - News Blog

August 29, 2007 8:03 AM PDT

Security researchers have found a "highly critical" security flaw in Oracle's JInitiator ActiveX control, which allows users to run Oracle Developer Server applications in a Web browser, according to a report by the United States Computer Emergency Readiness Team (US-CERT).

According to the folks at US-CERT, the vulnerabilities appear to be in JInitiator 1.1.8.16 and earlier versions of the software. The security flaws could allow an attacker to gain remote control of a user's system and execute arbitrary code.

A malicious attacker may be able to exploit the vulnerabilities within the Oracle JInitiator "beans.ocx" Active X control, when it handles certain initialization parameters that aren't specified, according to a posting by security research firm Secunia.

That, as a result, could lead to a stack-based buffer overflow, after a user is tricked into visiting a malicious Web site.

Topics:: Security

Tags:: Oracle,; JInitiator

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

Inside CNET News

Scroll Left Scroll Right

Deep Tech
Long-awaited Bibble 5 raw photo editor arrives
Bibble 5 Pro is out, bringing higher performance and a higher price to the raw-photo editing and cataloging software. Also new: selective editing.
Gallery
En route to GPS-based air traffic control (images)
MacFixIt
Apple misses its mark on Windows 7 Boot Camp support
Installing Windows 7 over Vista will give numerous advantages, even if for nothing more than to increase the stability of the operating system; however, to date Apple has not officially supported this despite claiming support would be out by the end of th
Beyond Binary
Visual Studio launch delayed by 'a few weeks'
Microsoft says it's still working to resolve some performance issues related to the Visual Studio 2010 developer tool suite, which was slated for a March release.
Video
Deep-sea volcanic explosion--part 2 (video)
Crave
Want to see Google's new phone on YouTube?
A clip showing what appears to be the phone popped up on the Web Wednesday. You can find it without much effort, particularly if you search video sites not owned by Google.
Video
Deep-sea volcanic explosion--part 1 (video)
Deep Tech
'Don't-be-evil' Google spurns no-evil software
One open-source software programmer's joke--'The Software shall be used for Good, not Evil'--is a serious matter at Google.
The Space Shot
Soyuz craft docks, boosts space station crew
A Russian Soyuz spacecraft docked with the International Space Station Tuesday after a smooth, automated approach, boosting the lab's crew back up to five.
Gallery
NASA trains WISE eye on the sky (photos)
Digital Noise: Music and Tech
Rank your favorite songs with Rank'em
In beta-testing now, Rank'em lets you vote on favorite songs by your favorite artists, then shows aggregate ratings.
Green Tech
Green-tech venture investing cools off in 2009
Green tech is still attracting billions of dollars a year, but the amount of money has shrunk significantly as investors began to focus on start-ups with the most potential.

News Blog

Oracle JInitiator security flaw discovered

Most Popular

15 sites that went kaput in 2009

Top 10 news stories of the decade

About News Blog

Inside CNET News