The Oracle JInitiator ActiveX control contains multiple stack buffer overflows, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Oracle JInitiator allows users to run Oracle Developer Server applications within a web browser. Oracle JInitiator includes an ActiveX control called beans.ocx. The Oracle JInitiator ActiveX control is vulnerable to multiple stack buffer overflows in initialization parameters.
The article continues at