PT-2010-1300 · Oracle · Oracle Siebel Option Pack For Ie

Will Dormann

Publicado

2010-08-17

Atualizado

2011-07-26

CVE-2009-3737

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle Siebel Option Pack for IE (affected versions not specified)

Description The issue is related to the improper initialization of memory used by the NewBusObj method in the Oracle Siebel Option Pack for IE ActiveX control. This allows remote attackers to execute arbitrary code via a crafted HTML document.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2009-3737

Produtos afetados

Oracle Siebel Option Pack For Ie

PT-2010-1300 · Oracle · Oracle Siebel Option Pack For Ie

CVE-2009-3737

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5