Calendar
Kategorien
- 10.2.0.4 (1)
- 11g (3)
- Allgemein (11)
- BEA (1)
- checkpwd (4)
- CPUApr2008 (3)
- CPUJan2008 (2)
- CPUJul2007 (3)
- CPUOct2007 (1)
- Database Vault (1)
- David Litchfield (4)
- Exploit (4)
- Forensics (3)
- Inguma (2)
- MacOS (1)
- Mary Ann (1)
- Oracle (2)
- Oracle Security (46)
- passwords (3)
- Podcast (1)
- rootkits (1)
- Security (9)
- Security Book (1)
- Sentrigo (1)
- software (2)
- Source Code Analysis (1)
- source code audit (3)
- SQL Injection (4)
- Trainings (1)
Letzte Einträge
- 9 Aug 2008: July 2008 CPU Advisory - Windows Patch update for Oracle 10.1.0.5
- 29 Jul 2008: Exploit for Oracle Bea Weblogic - Apache Connector published
- 8 Mai 2008: Checkpwd 1.23 for MacOS Intel native released
- 16 Apr 2008: Oracle CPU April 2008 - Update
- 15 Apr 2008: Oracle Critical Patch Update April 2008 is out
- 11 Apr 2008: Looking Glass and Oracle 11g
- 11 Apr 2008: Oracle Critical Patch Update Pre-Release Announcement - April 2008
- 4 Mrz 2008: We proudly present: Anna Marie Kornbrust
- 4 Mrz 2008: Corba Exploit for VisiBroker published
- 25 Feb 2008: Oracle Patchset 10.2.0.4 is out
Links
Archive
« Partnership between Red-Database-Security GmbH and PeteFinnigan.com Ltd. | Impressions from HackInTheBox 2007 Malaysia »
Oracle Jinitiator ActiveX control 1.1.8.16 contains multiple Stack Buffer Overflows
Yesterday the US Cert published an advisory that the ActiveX control of Jinitiator 1.1.18.16 and earlier contains multiple buffer overflows allowing remote code execution. Even a new installation of Jinitiator does not fix the problem because the old, vulnerable control will not be removed. The US Cert recommends to disable ActiveX or to set the appropriate killbit.
Create and execute the following textfile to set the killbit. Additional information about killbits and activeX are available in the following Microsoft support note 240797.
———–killbit.reg—————
- Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9b935470-ad4a-11d5-b63e-00c04faedb18}]
“Compatibility Flags”=dword:00000400
———–killbit.reg—————