In Metalink Note 459123.1 published on Sep 21, 2007 Oracle has stated that it is decertifying the use of Jinitiator 18.104.22.168 with 11i. This is because, on August 27th, CIAC reported a problem with versions of Oracle Jinitiator 22.214.171.124 and lower. Further details of this information bulletin is listed at :
In nutshell, the Oracle JInitiator ActiveX control contains multiple stack buffer overflows, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Due to this security concern, Oracle has advised either to upgrade to Jinitiator 126.96.36.199 or 1.3.1.x or migrate to Sun JRE plugin.