Unrated severityNVD Advisory· Published Aug 31, 2007· Updated Apr 23, 2026

CVE-2007-4467

Description

Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected.

Affected products

Oracle Corporation/Jinitiator5 versions
cpe:2.3:a:oracle:jinitiator:1.1.5:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:oracle:jinitiator:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jinitiator:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jinitiator:1.1.8.16:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jinitiator:1.1.8.25:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jinitiator:1.1.8.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/26644nvdVendor Advisory
www.vupen.com/english/advisories/2007/3007nvdVendor Advisory
www.kb.cert.org/vuls/id/474433nvdUS Government Resource
osvdb.org/37711nvd
securitytracker.com/idnvd
www.integrigy.com/security-resources/analysis/integrigy-oracle-jinitiator-vulnerability.pdfnvd
www.securityfocus.com/archive/1/479186/100/100/threadednvd
www.securityfocus.com/bid/25473nvd
exchange.xforce.ibmcloud.com/vulnerabilities/36310nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.025
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000