The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document.
References
Link | Resource |
---|---|
http://secunia.com/advisories/40804 | Vendor Advisory |
http://www.kb.cert.org/vuls/id/174089 | US Government Resource |
http://www.osvdb.org/66926 | |
http://www.vupen.com/english/advisories/2010/2028 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2010-08-17 13:00
Updated : 2011-07-25 21:00
NVD link : CVE-2009-3737
Mitre link : CVE-2009-3737
JSON object : View
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Products Affected
oracle
- siebel_option_pack_ie_activex_control
microsoft
- internet_explorer