Alexander Kornbrust Oracle Security Blog » Print » Oracle Jinitiator ActiveX control 1.1.8.16 contains multiple Stack Buffer Overflows

Oracle Jinitiator ActiveX control 1.1.8.16 contains multiple Stack Buffer Overflows

Dieser Eintrag stammt von Alexander Kornbrust Am 30 Aug 2007 @ 16:43 In Security, Oracle Security | Keine Kommentare

Yesterday the US Cert published an [1] advisory that the ActiveX control of Jinitiator 1.1.18.16 and earlier contains multiple buffer overflows allowing remote code execution. Even a new installation of Jinitiator does not fix the problem because the old, vulnerable control will not be removed. The US Cert recommends to disable ActiveX or to set the appropriate killbit.

Create and execute the following textfile to set the killbit. Additional information about killbits and activeX are available in the following Microsoft support note [2] 240797.

———–killbit.reg—————

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibili

ty\

{9b935470-ad4a-11d5-b63e-00c04faedb18}

]

“Compatibility Flags”=dword:00000400

———–killbit.reg—————

Dieser Artikel wurde ausgedruckt ab Alexander Kornbrust Oracle Security Blog: http://blog.red-database-security.com

URL zum Artikel: http://blog.red-database-security.com/2007/08/30/oracle-jinitiator-activex-control-11816-contains-multiple-stack-buffer-overflows/

URLs in this post:
[1] advisory: http://www.kb.cert.org/vuls/id/474433
[2] 240797: http://support.microsoft.com/kb/240797

Klicken hier zum Drucken.