CVE-2009-3737

Published: Aug 17, 2010Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document.

Affected (1)

Products: Oracle: Siebel Option Pack Ie Activex Control

Oracle

1 product

Siebel Option Pack Ie Activex Control

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Oracle Siebel Option Pack Ie Activex Control	All versions

Running on/with	Platform Versions
Microsoft Internet Explorer	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (8)

http://secunia.com/advisories/40804

Source: cret@cert.org

Vendor Advisory

http://www.kb.cert.org/vuls/id/174089

Source: cret@cert.org

US Government Resource

http://www.osvdb.org/66926

Source: cret@cert.org

http://www.vupen.com/english/advisories/2010/2028

Source: cret@cert.org

Vendor Advisory

http://secunia.com/advisories/40804

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.kb.cert.org/vuls/id/174089

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.osvdb.org/66926

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/2028

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.