In Metalink Note 459123.1 published on Sep 21, 2007 Oracle has stated that it is decertifying the use of Jinitiator 1.1.8.16 with 11i. This is because, on August 27th, CIAC reported a problem with versions of Oracle Jinitiator 1.1.8.16 and lower. Further details of this information bulletin is listed at :
http://www.ciac.org/ciac/bulletins/r-334.shtml
In nutshell, the Oracle JInitiator ActiveX control contains multiple stack buffer overflows, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Due to this security concern, Oracle has advised either to upgrade to Jinitiator 1.1.8.25 or 1.3.1.x or migrate to Sun JRE plugin.
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment