Stack-based Buffer Overflow in IBM Access Support eGatherer ActiveX Control
CVE-2006-4221

Currently unrated

Key Information:

Vendor: IBM
Status: Egatherer
Vendor: CVE Published:; 18 August 2006

Summary

The IBM Access Support eGatherer ActiveX control contains a stack-based buffer overflow that could allow remote attackers to execute arbitrary code. The vulnerability arises when handling excessively long filename parameters passed to the RunEgatherer method. This flaw, present in versions prior to 3.20.0284.0, poses significant security risks as it can be exploited by simply crafting a malicious filename.

References

http://www.securityfocus.com/archive/1/444899/100/100/thr...

mailing-listx_refsource_BUGTRAQ

http://securitytracker.com/id?1016705

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/28418

vdb-entryx_refsource_XF

EPSS Score

43% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 18, 2006
Vulnerability Reserved
Aug 18, 2006