cvelistv5 - cve-2007-4467

CVE-2007-4467 (GCVE-0-2007-4467)

Vulnerability from cvelistv5 – Published: 2007-08-31 00:00 – Updated: 2024-08-07 14:53

Summary

Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected.

Severity ?

No CVSS data available.

CWE

Assigner

certcc

References

URL

Tags

	http://www.integrigy.com/security-resources/analy…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://securitytracker.com/id?1018618	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2007/3007	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/26644	third-party-advisoryx_refsource_SECUNIA
	http://www.kb.cert.org/vuls/id/474433	third-party-advisoryx_refsource_CERT-VN
	http://osvdb.org/37711	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/25473	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/479186/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:53:56.082Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf"
          },
          {
            "name": "oracle-jinitiator-beans-bo(36310)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36310"
          },
          {
            "name": "1018618",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018618"
          },
          {
            "name": "ADV-2007-3007",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3007"
          },
          {
            "name": "26644",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26644"
          },
          {
            "name": "VU#474433",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/474433"
          },
          {
            "name": "37711",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37711"
          },
          {
            "name": "25473",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25473"
          },
          {
            "name": "20070912 Oracle Jinitiator 1.1.8 Vulnerabilities CVE-2007-4467 - Additional Information",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/479186/100/100/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified \"initialization parameters.\" NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf"
        },
        {
          "name": "oracle-jinitiator-beans-bo(36310)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36310"
        },
        {
          "name": "1018618",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018618"
        },
        {
          "name": "ADV-2007-3007",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3007"
        },
        {
          "name": "26644",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26644"
        },
        {
          "name": "VU#474433",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/474433"
        },
        {
          "name": "37711",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37711"
        },
        {
          "name": "25473",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25473"
        },
        {
          "name": "20070912 Oracle Jinitiator 1.1.8 Vulnerabilities CVE-2007-4467 - Additional Information",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/479186/100/100/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2007-4467",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified \"initialization parameters.\" NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf",
              "refsource": "MISC",
              "url": "http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf"
            },
            {
              "name": "oracle-jinitiator-beans-bo(36310)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36310"
            },
            {
              "name": "1018618",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018618"
            },
            {
              "name": "ADV-2007-3007",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3007"
            },
            {
              "name": "26644",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26644"
            },
            {
              "name": "VU#474433",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/474433"
            },
            {
              "name": "37711",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37711"
            },
            {
              "name": "25473",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25473"
            },
            {
              "name": "20070912 Oracle Jinitiator 1.1.8 Vulnerabilities CVE-2007-4467 - Additional Information",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/479186/100/100/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2007-4467",
    "datePublished": "2007-08-31T00:00:00",
    "dateReserved": "2007-08-22T00:00:00",
    "dateUpdated": "2024-08-07T14:53:56.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jinitiator:1.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D77FD81-3F3C-4391-86CE-DA5B3CF28617\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jinitiator:1.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB1DCB76-9BF3-48AA-99F6-D73699E21F7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jinitiator:1.1.8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5619E59D-F680-4AC7-B01F-3D034968B4F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jinitiator:1.1.8.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FBDF868-AD1B-4F74-B5A5-6FC15A2C8600\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jinitiator:1.1.8.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18F49E47-C59D-47CA-92F5-D103BF48797C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified \\\"initialization parameters.\\\" NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples desbordamientos de b\\u00fafer en la regi\\u00f3n stack de la memoria en el control ActiveX de Oracle JInitiator (archivo beans.ocx) versi\\u00f3n 1.1.8.16 y anteriores, tal y como es usado en las aplicaciones Oracle Forms de Oracle y de terceros, permite a atacantes remotos ejecutar c\\u00f3digo arbitrario por medio  de  \\\"initialization parameters\\\"  no especificados. NOTA: m\\u00e1s tarde fue reportado que las versiones 1.1.8.3 hasta 1.1.8.8.25, y probablemente las versiones 1.1.5.x y 1.1.7.x, est\\u00e1n afectadas.\"}]",
      "id": "CVE-2007-4467",
      "lastModified": "2024-11-21T00:35:40.407",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-08-31T00:17:00.000",
      "references": "[{\"url\": \"http://osvdb.org/37711\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://secunia.com/advisories/26644\", \"source\": \"cret@cert.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1018618\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/474433\", \"source\": \"cret@cert.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/479186/100/100/threaded\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://www.securityfocus.com/bid/25473\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3007\", \"source\": \"cret@cert.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/36310\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://osvdb.org/37711\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/26644\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1018618\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/474433\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/479186/100/100/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/25473\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3007\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/36310\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-4467\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2007-08-31T00:17:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified \\\"initialization parameters.\\\" NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de b\u00fafer en la regi\u00f3n stack de la memoria en el control ActiveX de Oracle JInitiator (archivo beans.ocx) versi\u00f3n 1.1.8.16 y anteriores, tal y como es usado en las aplicaciones Oracle Forms de Oracle y de terceros, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio  de  \\\"initialization parameters\\\"  no especificados. NOTA: m\u00e1s tarde fue reportado que las versiones 1.1.8.3 hasta 1.1.8.8.25, y probablemente las versiones 1.1.5.x y 1.1.7.x, est\u00e1n afectadas.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jinitiator:1.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D77FD81-3F3C-4391-86CE-DA5B3CF28617\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jinitiator:1.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB1DCB76-9BF3-48AA-99F6-D73699E21F7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jinitiator:1.1.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5619E59D-F680-4AC7-B01F-3D034968B4F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jinitiator:1.1.8.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FBDF868-AD1B-4F74-B5A5-6FC15A2C8600\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jinitiator:1.1.8.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18F49E47-C59D-47CA-92F5-D103BF48797C\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/37711\",\"source\":\"cret@cert.org\"},{\"url\":\"http://secunia.com/advisories/26644\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018618\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/474433\",\"source\":\"cret@cert.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/479186/100/100/threaded\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.securityfocus.com/bid/25473\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3007\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/36310\",\"source\":\"cret@cert.org\"},{\"url\":\"http://osvdb.org/37711\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26644\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018618\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/474433\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/479186/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/25473\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3007\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/36310\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2008-AVI-029

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Huit vulnérabilités affectent Oracle Database, dont sept sont exploitables à distance, mais nécessitent une authentification. Leur exploitation permet de porter atteinte à la disponibilité, à l'intégrité et à la confidentialité des données.

Six vulnérabilités affectent Oracle Application Server, dont cinq sont exploitables à distance sans authentification préalable. Leur exploitation permet de porter atteinte à la disponibilité, à l'intégrité et à la confidentialité des données.

Une vulnérabilité, exploitable sans authentification préalable, concerne Oracle Collaboration Suite et permet de porter atteinte à la confidentialité et à l'intégrité des données.

Sept vulnérabilités sont présentes dans Oracle E-business Suite, dont trois sont exploitables à distance sans authentification préalable. Leur exploitation permet de porter atteinte à la disponibilité, à l'intégrité et à la confidentialité des données.

Quatre vulnérabilités affectent PeopleTools, dont une est exploitable à distance sans authentification préalable. Leur exploitation permet de porter atteinte à la disponibilité, à l'intégrité et à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle E-business Suite Release 11i et 12 ;
Oracle	N/A	Oracle Application Server 10g ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise PeopleTools 8.x.
Oracle	N/A	Oracle Database 9i, 10g et 11g ;
Oracle	N/A	Oracle Collaboration Suite 10g ;

References

Title

Publication Time

Tags

Bulletin Oracle du 15 janvier 2008	None	vendor-advisory
Bulletin de sécurité Oracle du 15 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle E-business Suite Release 11i et 12 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Server 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise PeopleTools 8.x.",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 9i, 10g et 11g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Collaboration Suite 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nHuit vuln\u00e9rabilit\u00e9s affectent Oracle Database, dont sept sont\nexploitables \u00e0 distance, mais n\u00e9cessitent une authentification. Leur\nexploitation permet de porter atteinte \u00e0 la disponibilit\u00e9, \u00e0 l\u0027int\u00e9grit\u00e9\net \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nSix vuln\u00e9rabilit\u00e9s affectent Oracle Application Server, dont cinq sont\nexploitables \u00e0 distance sans authentification pr\u00e9alable. Leur\nexploitation permet de porter atteinte \u00e0 la disponibilit\u00e9, \u00e0 l\u0027int\u00e9grit\u00e9\net \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nUne vuln\u00e9rabilit\u00e9, exploitable sans authentification pr\u00e9alable, concerne\nOracle Collaboration Suite et permet de porter atteinte \u00e0 la\nconfidentialit\u00e9 et \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n\nSept vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans Oracle E-business Suite, dont\ntrois sont exploitables \u00e0 distance sans authentification pr\u00e9alable. Leur\nexploitation permet de porter atteinte \u00e0 la disponibilit\u00e9, \u00e0 l\u0027int\u00e9grit\u00e9\net \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nQuatre vuln\u00e9rabilit\u00e9s affectent PeopleTools, dont une est exploitable \u00e0\ndistance sans authentification pr\u00e9alable. Leur exploitation permet de\nporter atteinte \u00e0 la disponibilit\u00e9, \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-4467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4467"
    },
    {
      "name": "CVE-2008-0346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0346"
    },
    {
      "name": "CVE-2008-0343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0343"
    },
    {
      "name": "CVE-2008-0342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0342"
    },
    {
      "name": "CVE-2008-0345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0345"
    },
    {
      "name": "CVE-2008-0347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0347"
    },
    {
      "name": "CVE-2008-0341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0341"
    },
    {
      "name": "CVE-2008-0349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0349"
    },
    {
      "name": "CVE-2008-0348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0348"
    },
    {
      "name": "CVE-2008-0344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0344"
    },
    {
      "name": "CVE-2008-0339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0339"
    },
    {
      "name": "CVE-2008-0340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0340"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle du 15 janvier 2008 :",
      "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html"
    }
  ],
  "reference": "CERTA-2008-AVI-029",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-18T00:00:00.000000"
    },
    {
      "description": "lien Oracle, syst\u00e8mes affect\u00e9s.",
      "revision_date": "2008-01-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "De provoquer un d\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "De porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "De porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": null,
  "title": "Mutiples vuln\u00e9rabilit\u00e9s des produits Oracle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin Oracle du 15 janvier 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-029

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Une vulnérabilité, exploitable sans authentification préalable, concerne Oracle Collaboration Suite et permet de porter atteinte à la confidentialité et à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle E-business Suite Release 11i et 12 ;
Oracle	N/A	Oracle Application Server 10g ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise PeopleTools 8.x.
Oracle	N/A	Oracle Database 9i, 10g et 11g ;
Oracle	N/A	Oracle Collaboration Suite 10g ;

References

Title

Publication Time

Tags

Bulletin Oracle du 15 janvier 2008	None	vendor-advisory
Bulletin de sécurité Oracle du 15 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle E-business Suite Release 11i et 12 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Server 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise PeopleTools 8.x.",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 9i, 10g et 11g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Collaboration Suite 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nHuit vuln\u00e9rabilit\u00e9s affectent Oracle Database, dont sept sont\nexploitables \u00e0 distance, mais n\u00e9cessitent une authentification. Leur\nexploitation permet de porter atteinte \u00e0 la disponibilit\u00e9, \u00e0 l\u0027int\u00e9grit\u00e9\net \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nSix vuln\u00e9rabilit\u00e9s affectent Oracle Application Server, dont cinq sont\nexploitables \u00e0 distance sans authentification pr\u00e9alable. Leur\nexploitation permet de porter atteinte \u00e0 la disponibilit\u00e9, \u00e0 l\u0027int\u00e9grit\u00e9\net \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nUne vuln\u00e9rabilit\u00e9, exploitable sans authentification pr\u00e9alable, concerne\nOracle Collaboration Suite et permet de porter atteinte \u00e0 la\nconfidentialit\u00e9 et \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n\nSept vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans Oracle E-business Suite, dont\ntrois sont exploitables \u00e0 distance sans authentification pr\u00e9alable. Leur\nexploitation permet de porter atteinte \u00e0 la disponibilit\u00e9, \u00e0 l\u0027int\u00e9grit\u00e9\net \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nQuatre vuln\u00e9rabilit\u00e9s affectent PeopleTools, dont une est exploitable \u00e0\ndistance sans authentification pr\u00e9alable. Leur exploitation permet de\nporter atteinte \u00e0 la disponibilit\u00e9, \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-4467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4467"
    },
    {
      "name": "CVE-2008-0346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0346"
    },
    {
      "name": "CVE-2008-0343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0343"
    },
    {
      "name": "CVE-2008-0342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0342"
    },
    {
      "name": "CVE-2008-0345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0345"
    },
    {
      "name": "CVE-2008-0347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0347"
    },
    {
      "name": "CVE-2008-0341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0341"
    },
    {
      "name": "CVE-2008-0349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0349"
    },
    {
      "name": "CVE-2008-0348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0348"
    },
    {
      "name": "CVE-2008-0344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0344"
    },
    {
      "name": "CVE-2008-0339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0339"
    },
    {
      "name": "CVE-2008-0340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0340"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle du 15 janvier 2008 :",
      "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html"
    }
  ],
  "reference": "CERTA-2008-AVI-029",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-18T00:00:00.000000"
    },
    {
      "description": "lien Oracle, syst\u00e8mes affect\u00e9s.",
      "revision_date": "2008-01-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "De provoquer un d\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "De porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "De porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": null,
  "title": "Mutiples vuln\u00e9rabilit\u00e9s des produits Oracle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin Oracle du 15 janvier 2008",
      "url": null
    }
  ]
}

GHSA-F4M6-PC47-P952

Vulnerability from github – Published: 2022-05-01 18:23 – Updated: 2022-05-01 18:23

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-4467"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-08-31T00:17:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified \"initialization parameters.\" NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected.",
  "id": "GHSA-f4m6-pc47-p952",
  "modified": "2022-05-01T18:23:56Z",
  "published": "2022-05-01T18:23:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4467"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36310"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/37711"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26644"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1018618"
    },
    {
      "type": "WEB",
      "url": "http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/474433"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/479186/100/100/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25473"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3007"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-4467

Vulnerability from fkie_nvd - Published: 2007-08-31 00:17 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cret@cert.org	http://osvdb.org/37711
cret@cert.org	http://secunia.com/advisories/26644	Vendor Advisory
cret@cert.org	http://securitytracker.com/id?1018618
cret@cert.org	http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf
cret@cert.org	http://www.kb.cert.org/vuls/id/474433	US Government Resource
cret@cert.org	http://www.securityfocus.com/archive/1/479186/100/100/threaded
cret@cert.org	http://www.securityfocus.com/bid/25473
cret@cert.org	http://www.vupen.com/english/advisories/2007/3007	Vendor Advisory
cret@cert.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/36310
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37711
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26644	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1018618
af854a3a-2127-422b-91ae-364da2661108	http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/474433	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/479186/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25473
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3007	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/36310

Impacted products

Vendor	Product	Version
oracle	jinitiator	1.1.5
oracle	jinitiator	1.1.7
oracle	jinitiator	1.1.8.3
oracle	jinitiator	1.1.8.16
oracle	jinitiator	1.1.8.25

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jinitiator:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D77FD81-3F3C-4391-86CE-DA5B3CF28617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jinitiator:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB1DCB76-9BF3-48AA-99F6-D73699E21F7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jinitiator:1.1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5619E59D-F680-4AC7-B01F-3D034968B4F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jinitiator:1.1.8.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FBDF868-AD1B-4F74-B5A5-6FC15A2C8600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jinitiator:1.1.8.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "18F49E47-C59D-47CA-92F5-D103BF48797C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified \"initialization parameters.\" NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en la regi\u00f3n stack de la memoria en el control ActiveX de Oracle JInitiator (archivo beans.ocx) versi\u00f3n 1.1.8.16 y anteriores, tal y como es usado en las aplicaciones Oracle Forms de Oracle y de terceros, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio  de  \"initialization parameters\"  no especificados. NOTA: m\u00e1s tarde fue reportado que las versiones 1.1.8.3 hasta 1.1.8.8.25, y probablemente las versiones 1.1.5.x y 1.1.7.x, est\u00e1n afectadas."
    }
  ],
  "id": "CVE-2007-4467",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-08-31T00:17:00.000",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://osvdb.org/37711"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26644"
    },
    {
      "source": "cret@cert.org",
      "url": "http://securitytracker.com/id?1018618"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/474433"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securityfocus.com/archive/1/479186/100/100/threaded"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securityfocus.com/bid/25473"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3007"
    },
    {
      "source": "cret@cert.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36310"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26644"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1018618"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/474433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/479186/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36310"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-4467

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-4467

Aliases

CVE-2007-4467

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-4467",
    "description": "Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified \"initialization parameters.\" NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected.",
    "id": "GSD-2007-4467"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-4467"
      ],
      "details": "Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified \"initialization parameters.\" NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected.",
      "id": "GSD-2007-4467",
      "modified": "2023-12-13T01:21:36.908245Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2007-4467",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified \"initialization parameters.\" NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf",
            "refsource": "MISC",
            "url": "http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf"
          },
          {
            "name": "oracle-jinitiator-beans-bo(36310)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36310"
          },
          {
            "name": "1018618",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1018618"
          },
          {
            "name": "ADV-2007-3007",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3007"
          },
          {
            "name": "26644",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26644"
          },
          {
            "name": "VU#474433",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/474433"
          },
          {
            "name": "37711",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/37711"
          },
          {
            "name": "25473",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25473"
          },
          {
            "name": "20070912 Oracle Jinitiator 1.1.8 Vulnerabilities CVE-2007-4467 - Additional Information",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/479186/100/100/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jinitiator:1.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jinitiator:1.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jinitiator:1.1.8.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jinitiator:1.1.8.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jinitiator:1.1.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2007-4467"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified \"initialization parameters.\" NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#474433",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/474433"
            },
            {
              "name": "25473",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/25473"
            },
            {
              "name": "1018618",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1018618"
            },
            {
              "name": "26644",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26644"
            },
            {
              "name": "http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdf"
            },
            {
              "name": "37711",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/37711"
            },
            {
              "name": "ADV-2007-3007",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3007"
            },
            {
              "name": "oracle-jinitiator-beans-bo(36310)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36310"
            },
            {
              "name": "20070912 Oracle Jinitiator 1.1.8 Vulnerabilities CVE-2007-4467 - Additional Information",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/479186/100/100/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-15T21:35Z",
      "publishedDate": "2007-08-31T00:17Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-4467 (GCVE-0-2007-4467)

CERTA-2008-AVI-029

Description

Solution

CERTA-2008-AVI-029

Description

Solution

GHSA-F4M6-PC47-P952

FKIE_CVE-2007-4467

GSD-2007-4467

Tags

Sightings

Nomenclature