Critical flaw found in Oracle developer tool

SearchSecurity.com Staff

A critical flaw that could be exploited by an attacker to execute arbitrary code and compromise a vulnerable system has been discovered in Oracle's JInitiator tool.

The tool is used by developers to run Oracle Developer Server applications directly within Internet Explorer. The flaw was discovered in versions 1.1.8.16 and earlier.

The vulnerability was discovered by Will Dormann of the United States Computer Emergency Readiness Team (US-CERT). In the US-CERT advisory, Dormann said the Oracle JInitiator ActiveX control contains multiple stack buffer overflows, which could allow a hacker to conduct an attack remotely. To conduct the attack, the attacker must trick a user into visiting a malicious website.

A patch has not been released. As a workaround, Dormann advised users to disable the Oracle JInitiator ActiveX control in Internet Explorer.

"Installing a later version of the software will not remove the vulnerable version of the control," Dormann said in the advisory. "We are currently unaware of a practical solution to this problem."

Danish security firm Secunia rated the vulnerability "highly critical" in its advisory to customers.

