CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile: 98.6%
Added: 08/21/2006
CVE: CVE-2006-4221
BID: 19554
OSVDB: 27976
The eGatherer ActiveX control is installed with IBM Access Support.
A buffer overflow in the eGatherer ActiveX control allows command execution when a web page passes a long, specially crafted file name to the RunEgatherer function.
An update is available from <http://www-307.ibm.com/pc/support/IbmEgath.cab>.
<http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0503.html>
Exploit works with IBM Message Center 2.102b. A user must load the exploit page on a vulnerable computer in order for the exploit to succeed.
Windows 2000
Windows XP