Oracle JInitiator security flaw discovered

Security researchers find a "highly critical" security flaw in Oracle's JInitiator ActiveX control.

Security researchers have found a "highly critical" security flaw in Oracle's JInitiator ActiveX control, which allows users to run Oracle Developer Server applications in a Web browser, according to a report by the United States Computer Emergency Readiness Team (US-CERT).

According to the folks at US-CERT, the vulnerabilities appear to be in JInitiator 1.1.8.16 and earlier versions of the software. The security flaws could allow an attacker to gain remote control of a user's system and execute arbitrary code.

A malicious attacker may be able to exploit the vulnerabilities within the Oracle JInitiator "beans.ocx" Active X control, when it handles certain initialization parameters that aren't specified, according to a posting by security research firm Secunia.

That, as a result, could lead to a stack-based buffer overflow, after a user is tricked into visiting a malicious Web site.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments