Check Point Reference: | CPAI-2009-065 |
Date Published: | 13 Apr 2009 |
Severity: | High |
Last Updated: | Thursday 01 January, 2009 |
Source: | Secunia ID: 34470 |
Industry Reference: | CVE-2009-0215 US-CERT VU#340420 |
Protection Provided by: | |
Who is Vulnerable? | IBM Access Support ActiveX control 3.20.284.0 and Prior |
Vulnerability Description | IBM Access Support ActiveX Control contains a buffer overflow vulnerability. The IBM Access Support ActiveX control is used by the vendor to collect system information, such as make, model, serial number, OS version, etc. This control is available on the IBM / Lenovo web site, and may also come pre-installed on IBM and Lenovo computer systems. By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer (or the program using the WebBrowser control) to crash. |
Update/Patch Available | No patch is currently available. |
Vulnerability Details | The IBM Access Support ActiveX control, which is provided by IbmEgath.dll, contains a stack buffer overflow in the GetXMLValue() method. To exploit the vulnerability, the attacker needs to entice the target user to visit a malicious web page. Successful exploitation would result in code execution in the affected application. |