The Oracle JInitiator ActiveX control contains multiple stack buffer overflows, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

This story continues at
http://www.dbasupport.com/oracle/news/JInitiator.shtml