Affected Versions:
Oracle Siebel Option Pack for IE 7.x

Vulnerability description:
CVE ID: CVE-2009-3737

Siebel Option Pack for IE is an ActiveX control provided by Oracle Siebel CRM software. The control does not properly initialize the memory used by the NewBusObj() method. If a user is tricked into visiting a malicious web page that calls this method with specially crafted parameters, arbitrary code execution may result.
<* Reference
http://secunia.com/advisories/40804/
http://www.kb.cert.org/vuls/id/174089
*>
Temporary solution:
* Save the following text as a .REG file and import it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{07070bfd-c501-4899-934d-0b96a9f70795}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{07070bfd-c501-4899-934d-0b96a9f70795}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{26bac093-997c-4084-bad6-c35f5d67ea99}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{26bac093-997c-4084-bad6-c35f5d67ea99}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{45874228-a445-40dc-962b-ec15559b1741}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{45874228-a445-40dc-962b-ec15559b1741}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{631F0C94-C02F-40AC-A31B-DDC39731FC81}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{631F0C94-C02F-40AC-A31B-DDC39731FC81}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{68cdb19a-6305-4589-8c35-41e3502cd451}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{68cdb19a-6305-4589-8c35-41e3502cd451}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{81a81dd2-a261-442a-b9b1-df10a2542020}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{81a81dd2-a261-442a-b9b1-df10a2542020}]
"Compatibility Flags"=dword:00000400

Vendor patch:
Oracle
------
The vendor has not yet provided a patch or upgrade. Users of this software should watch the vendor's homepage for the latest version:
http://www.oracle.com
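
To confirm the temporary solution took effect on a given machine, the following read-only check reports whether Compatibility Flags 0x400 (the Internet Explorer kill bit) is set for each CLSID listed in the REG file, in both the native and Wow6432Node branches. It is an added example, not part of the original advisory or of any Oracle tooling; the variable names are illustrative.

```powershell
# Added example (not from the advisory): read-only audit of the kill bit
# (Compatibility Flags bit 0x400) for the CLSIDs in the workaround above.
# Run from a 64-bit PowerShell on 64-bit Windows; a 32-bit host is redirected
# to Wow6432Node and would never see the native branch.
$KillBit = 0x400
$clsids = @(
    '{07070bfd-c501-4899-934d-0b96a9f70795}',
    '{26bac093-997c-4084-bad6-c35f5d67ea99}',
    '{45874228-a445-40dc-962b-ec15559b1741}',
    '{631F0C94-C02F-40AC-A31B-DDC39731FC81}',
    '{68cdb19a-6305-4589-8c35-41e3502cd451}',
    '{81a81dd2-a261-442a-b9b1-df10a2542020}'
)
$roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if ([Environment]::Is64BitOperatingSystem) {
    $roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

$results = foreach ($root in $roots) {
    foreach ($clsid in $clsids) {
        $key = Join-Path -Path $root -ChildPath $clsid
        $flags = $null
        # -LiteralPath keeps the braces in the CLSID from being parsed as wildcards.
        if (Test-Path -LiteralPath $key) {
            $item = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            if ($item) { $flags = $item.'Compatibility Flags' }
        }
        [pscustomobject]@{
            Key        = $key
            Flags      = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { '(not set)' }
            # Other flag bits may also be present, so test the bit rather than equality.
            KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
        }
    }
}

$results | Format-Table -AutoSize -Wrap
$missing = @($results | Where-Object { -not $_.KillBitSet })
if ($missing.Count -gt 0) {
    Write-Warning ("{0} of {1} keys lack the kill bit" -f $missing.Count, $results.Count)
}
```

A key reported as "(not set)" means the REG file was not imported for that branch, which commonly happens when only the native or only the Wow6432Node entries were applied.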