Intrusion Prevention

IBM.EGatherer.ActiveX.RunEgatherer.Method.Buffer.Overflow

Description

A vulnerability has been identified in the IBM eGatherer ActiveX control that remote attackers could exploit to take complete control of an affected system. The flaw is a buffer overflow that occurs when the "RunEgatherer" method processes an overly long argument. An attacker who tricks a user into visiting a specially crafted web page could cause a denial of service or execute arbitrary commands.

Affected Products

IBM eGatherer 2.42.243
IBM eGatherer 2.0 .16

Impact

Denial of service or arbitrary command execution.

Recommended Actions

Upgrade to eGatherer ActiveX control 3.20.0284.0:
http://www-307.ibm.com/pc/support/IbmEgath.cab

CVE References

CVE-2006-4221