CVE-2009-3737

The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/40804	Vendor Advisory
http://www.kb.cert.org/vuls/id/174089	US Government Resource
http://www.osvdb.org/66926
http://www.vupen.com/english/advisories/2010/2028	Vendor Advisory
http://secunia.com/advisories/40804	Vendor Advisory
http://www.kb.cert.org/vuls/id/174089	US Government Resource
http://www.osvdb.org/66926
http://www.vupen.com/english/advisories/2010/2028	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:oracle:siebel_option_pack_ie_activex_control:*:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:08

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/40804 - Vendor Advisory~~	() http://secunia.com/advisories/40804 - Vendor Advisory
References	~~() http://www.kb.cert.org/vuls/id/174089 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/174089 - US Government Resource
References	~~() http://www.osvdb.org/66926 -~~	() http://www.osvdb.org/66926 -
References	~~() http://www.vupen.com/english/advisories/2010/2028 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2010/2028 - Vendor Advisory

Information

Published : 2010-08-17 20:00

Updated : 2024-11-21 01:08

NVD link : CVE-2009-3737

Mitre link : CVE-2009-3737

CVE.ORG link : CVE-2009-3737

JSON object : View

Products Affected

microsoft

internet_explorer

oracle

siebel_option_pack_ie_activex_control

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2009-3737", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-08-17T20:00:02.190", "references": [{"url": "http://secunia.com/advisories/40804", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/174089", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.osvdb.org/66926", "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/2028", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/40804", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/174089", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/66926", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/2028", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document."}, {"lang": "es", "value": "El control ActiveX Oracle Siebel Option Pack para IE no inicializa adecuadamente la memoria que usa el m\u00e9todo NewBusObj, lo cual permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de documentos HTML manipulados."}], "lastModified": "2024-11-21T01:08:05.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:siebel_option_pack_ie_activex_control:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CE97A32-9082-43A6-807F-6B9233E9B22B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cret@cert.org"}