Lucene search

[email protected]CVE-2009-3737

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2009-3737

2022-10-0316:23:54

CWE-94

[email protected]

web.nvd.nist.gov

cve-2009-3737

oracle

siebel

option pack

activex

memory initialization

vulnerability

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.6%

JSON

The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document.

Affected configurations

NVD

Node

oraclesiebel_option_pack_ie_activex_control

AND

microsoftinternet_explorer

CPENameOperatorVersion
oracle:siebel_option_pack_ie_activex_controloracle siebel option pack ie activex controleq*

CPE	Name	Operator	Version
oracle:siebel_option_pack_ie_activex_control	oracle siebel option pack ie activex control	eq	*

References

secunia.com/advisories/40804

www.kb.cert.org/vuls/id/174089

www.osvdb.org/66926

www.vupen.com/english/advisories/2010/2028

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.6%

JSON

Related for CVE-2009-3737

cert1 cvelist1 seebug1 prion1 nvd1