Oracle JInitiator security flaw discovered

Security researchers find a "highly critical" security flaw in Oracle's JInitiator ActiveX control.

Security researchers have found a "highly critical" security flaw in Oracle's JInitiator ActiveX control, which allows users to run Oracle Developer Server applications in a Web browser, according to a report by the United States Computer Emergency Readiness Team (US-CERT).

According to the folks at US-CERT, the vulnerabilities appear to be in JInitiator 1.1.8.16 and earlier versions of the software. The security flaws could allow an attacker to gain remote control of a user's system and execute arbitrary code.

A malicious attacker may be able to exploit the vulnerabilities within the Oracle JInitiator "beans.ocx" Active X control, when it handles certain initialization parameters that aren't specified, according to a posting by security research firm Secunia.

That, as a result, could lead to a stack-based buffer overflow, after a user is tricked into visiting a malicious Web site.

About the author

    Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Galleries from CNET
    The best and worst quotes of 2014 (pictures)
    A roomy range from LG (pictures)
    This plain GE range has all of the essentials (pictures)
    Sony's 'Interview' heard 'round the world (pictures)
    Google Lunar XPrize: Testing Astrobotic's rover on the rocks (pictures)
    CNET's 15 favorite How Tos of 2014