BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Oracle Siebel Option Pack for IE ActiveX Control Vulnerability

Disclosed August 6, 2010    Fully Patched

Vulnerability Description:

Oracle Siebel Option Pack for IE ActiveX control contains a vulnerability when initializing memory used by the "NewBusObj" method. By browsing to a website hosting malicious content or opening a crafted HTML document (e.g. e-mail message or attachment), an attacker could instantiate the vulnerable ActiveX control and corrupt system memory in such a way that could be leveraged to execute arbitrary code.

Vendors:

Oracle

Vulnerable Software/Devices:

Oracle Siebel Option Pack for IE

Vulnerability Severity:

High

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

Mitigation:

Apply appropriate vendor patches.

Links:

CVE(s):

None

Leave a Reply