CVE-2009-3737

Severity CVSS v4.0:

Pending analysis

Type:

CWE-94 Code Injection

Publication date:

17/08/2010

Last modified:

11/04/2025

Description

The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document.

Impact

Vector 2.0

AV:N/AC:M/Au:N/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 9.30 HIGH
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Attack Vector (AV): Network
Attack Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete