Blog dedicated to Oracle Applications (E-Business Suite) Technology; covers Apps Architecture, Administration and third party bolt-ons to Apps

Monday, September 24, 2007

Oracle JInitiator 1.1.8.16 decertified with 11i

In Metalink Note 459123.1, published on Sep 21, 2007, Oracle stated that it is decertifying the use of JInitiator 1.1.8.16 with 11i. This follows a CIAC report of August 27th describing a problem with Oracle JInitiator versions 1.1.8.16 and lower. Further details are in the information bulletin at:

http://www.ciac.org/ciac/bulletins/r-334.shtml

In a nutshell, the Oracle JInitiator ActiveX control contains multiple stack buffer overflows, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Because of this security concern, Oracle advises customers either to upgrade to JInitiator 1.1.8.25 or 1.3.1.x, or to migrate to the Sun JRE plugin.
