Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:1D2327CD9DA02FC5055781406EB37D0D
HistoryAug 21, 2006 - 12:00 a.m.

IBM eGatherer ActiveX RunEgatherer buffer overflow

2006-08-2100:00:00
SAINT Corporation
my.saintcorporation.com
9

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.868

Percentile

98.6%

JSON

Added: 08/21/2006
CVE: CVE-2006-4221
BID: 19554
OSVDB: 27976

Background

The eGatherer ActiveX control is installed with IBM Access Support.

Problem

A buffer overflow in the eGatherer ActiveX control allows command execution by a web page which sends a long, specially crafted file name to the RunEgatherer function.

Resolution

An update is available from <http://www-307.ibm.com/pc/support/IbmEgath.cab&gt;.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0503.html&gt;

Limitations

Exploit works with IBM Message Center 2.102b. A user must load the exploit page on a vulnerable computer in order for the exploit to succeed.

Platforms

Windows 2000
Windows XP

Related

exploitpack 1
cvelist 1
saint 3
exploitdb 1
cve 1
seebug 2
nessus 1
zdt 1
checkpoint_advisories 1
cert 1
nvd 1
exploitpack
exploitpack
IBM eGatherer 3.20.0284.0 - ActiveX Remote Code Execution (Metasploit)
2006-08-29 00:00:00
cvelist
cvelist
CVE-2006-4221
2006-08-18 19:55:00
saint
saint
IBM eGatherer ActiveX RunEgatherer buffer overflow
2006-08-21 00:00:00
IBM eGatherer ActiveX RunEgatherer buffer overflow
2006-08-21 00:00:00
IBM eGatherer ActiveX RunEgatherer buffer overflow
2006-08-21 00:00:00
exploitdb
exploitdb
IBM eGatherer 3.20.0284.0 - ActiveX Remote Code Execution (Metasploit)
2006-08-29 00:00:00
cve
cve
CVE-2006-4221
2006-08-18 20:04:00
seebug
seebug
IBM eGatherer &lt;= 3.20.0284.0 (ActiveX) Remote Code Execution Exploit
2006-08-29 00:00:00
IBM eGatherer <= 3.20.0284.0 (ActiveX) Remote Code Execution Exploit
2014-07-01 00:00:00
nessus
nessus
IBM eGatherer ActiveX RunEgatherer Function Overflow
2006-08-21 00:00:00
zdt
zdt
IBM eGatherer <= 3.20.0284.0 (ActiveX) Remote Code Execution Expl
2006-08-29 00:00:00
checkpoint_advisories
checkpoint_advisories
IBM eGatherer ActiveX RunEgatherer Function Buffer Overflow (CVE-2006-4221)
2010-02-09 00:00:00
cert
cert
IBM Access Support eGatherer ActiveX control buffer overflow
2006-09-08 00:00:00
nvd
nvd
CVE-2006-4221
2006-08-18 20:04:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.868

Percentile

98.6%

JSON
Related for SAINT:1D2327CD9DA02FC5055781406EB37D0D
exploitpack1cvelist1saint3exploitdb1cve1seebug2nessus1zdt1checkpoint_advisories1cert1nvd1