Security researchers have found a "highly critical" security flaw in Oracle's JInitiator ActiveX control, which allows users to run Oracle Developer Server applications in a Web browser, according to a report by the United States Computer Emergency Readiness Team (US-CERT).
According to the folks at US-CERT, the vulnerabilities appear to be in JInitiator 220.127.116.11 and earlier versions of the software. The security flaws could allow an attacker to gain remote control of a user's system and execute arbitrary code.
A malicious attacker may be able to exploit the vulnerabilities within the Oracle JInitiator "beans.ocx" Active X control, when it handles certain initialization parameters that aren't specified, according to a posting by security research firm Secunia.
That, as a result, could lead to a stack-based buffer overflow, after a user is tricked into visiting a malicious Web site.