CVE-2006-4221

Severity

93%

Complexity

86%

Confidentiality

165%

Stack-based buffer overflow in the IBM Access Support eGatherer ActiveX control before 3.20.0284.0 allows remote attackers to execute arbitrary code via a long filename parameter to the RunEgatherer method.

Stack-based buffer overflow in the IBM Access Support eGatherer ActiveX control before 3.20.0284.0 allows remote attackers to execute arbitrary code via a long filename parameter to the RunEgatherer method.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

IBM eGatherer

First reported 18 years ago

2006-08-18 20:04:00

Last updated 6 years ago

2018-10-17 21:34:00

Affected Software

IBM eGatherer 2.0.16

2.0.16

IBM eGatherer 2.42.243

2.42.243

References

21528

Patch, Vendor Advisory

1424

1016705

http://www.eeye.com/html/research/advisories/AD20060816.html

Patch, Vendor Advisory

VU#380277

US Government Resource

20060816 [EEYEB-20060703] IBM eGatherer ActiveX Code Execution Vulnerability

20060829 [ISR] - IBM eGatherer ActiveX Code Execution PoC

19554

Exploit, Patch

ADV-2006-3305

egatherer-activex-runegatherer-bo(28418)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.