ActiveX causing problems again

Aug 29, 2007 14:30 GMT  ·  By

ActiveX control buffer overflow vulnerabilities have been disclosed in Oracle JInitiator, as Secunia reports.

JInitiator is a Java Virtual Machine made and distributed by the Oracle Corporation. It allows a web-enabled Oracle Forms client application to run inside a web browser. This JVM is invoked only when a web-based Oracle application is accessed; depending on the browser, this is implemented either by a plugin or by an ActiveX control. Oracle has also announced that the upcoming release of Forms (version 11) will most likely eliminate the need for JInitiator completely.

As Secunia informs, the flaws have been reported to affect the beans.ocx file, and they could be used by a malicious user to compromise a system. You can see what an .ocx file is by clicking on this link.

In any case, as the Secunia advisory reads, the vulnerabilities are caused by errors within the Oracle JInitiator "beans.ocx" ActiveX control when handling certain unspecified initialization parameters. These can be exploited to cause stack-based buffer overflows, for example by tricking a user into visiting a malicious website. The vulnerabilities are reported in version 1.1.8.16 of Oracle JInitiator, and successful exploitation may allow the execution of arbitrary code, as I've seen on the same site mentioned above.

The vendor has not patched this yet, and to be frank, I wouldn't worry too much about it, since there is going to be an update of Forms that will resolve this problem once and for all. But if you do want a solution, you may try to set the kill bit for the affected ActiveX control yourself.
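One way to apply that kill-bit workaround, as an added PowerShell example that is not part of the original article or of Oracle's guidance: it resolves the CLSID(s) registered for beans.ocx from the registry (the control's CLSID is not given on this page, so it is looked up rather than hard-coded) and sets the 0x400 kill bit in Internet Explorer's ActiveX Compatibility key, so the browser refuses to instantiate the control. It assumes a 32-bit Internet Explorer on a machine where the control is registered, and must run from an elevated session.

```powershell
# Added example, not from the article: set the IE kill bit for a named ActiveX control.
# The file name comes from the advisory; the CLSID is resolved from HKCR, not assumed.
$ocxName = 'beans.ocx'
$KILL_BIT = 0x400   # Compatibility Flags bit that stops IE from instantiating the control

# Find every CLSID whose InprocServer32 (default value) points at the given OCX file.
function Get-ClsidForOcx {
    param([string]$FileName)
    Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $server = Get-ItemProperty -Path "$($_.PSPath)\InprocServer32" -ErrorAction SilentlyContinue
            if ($server -and $server.'(default)' -like "*\$FileName") { $_.PSChildName }
        }
}

# OR the kill bit into Compatibility Flags, preserving any flags already set for the CLSID.
function Set-ActiveXKillBit {
    param([string]$Clsid)
    $key = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $current) { $current = 0 }
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value ($current -bor $KILL_BIT) -Type DWord
}

# Verify that the kill bit is present for the CLSID.
function Test-ActiveXKillBit {
    param([string]$Clsid)
    $key = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
    return ($null -ne $flags) -and (($flags -band $KILL_BIT) -ne 0)
}

$clsids = @(Get-ClsidForOcx -FileName $ocxName)
if (-not $clsids) { Write-Warning "No registered control found for $ocxName"; return }
foreach ($c in $clsids) {
    Set-ActiveXKillBit -Clsid $c
    '{0}: kill bit set = {1}' -f $c, (Test-ActiveXKillBit -Clsid $c)
}
```

On 64-bit Windows, a 32-bit control is also honoured under the Wow6432Node branch of the same key, so repeat the write there if both IE architectures are in use.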

Also, you may want to check the original advisory by clicking on this link. It explains things pretty well, in my opinion, and it will help you fix this issue.