VID | 28157
Severity | 40
Port | 139,445
Protocol | TCP
Class | SMB
Detailed Description | The eGatherer ActiveX control on IBM workstations and laptops has, according to its version number, a buffer overflow vulnerability in the 'RunEgatherer' function. IBM eGatherer is a program that collects configuration information from a user's computer to help diagnose problems reported to IBM. IBM eGatherer ActiveX control versions prior to 3.20.284.0 contain a buffer overflow in the 'RunEgatherer' function: by passing an overly long eGatherer log output parameter to 'RunEgatherer', a remote attacker could overflow a buffer and execute arbitrary code on the affected system.
* Note: This check relies solely on the version of the IBM eGatherer ActiveX control installed on the remote system to assess this vulnerability, so it may be a false positive.
* References:
  - http://www-306.ibm.com/pc/support/site.wss/MIGR-4R5VKC.html
  - http://www.securityfocus.com/archive/1/443471
  - http://secunia.com/advisories/21528/
  - http://www.frsirt.com/english/advisories/2006/3305
  - http://research.eeye.com/html/advisories/published/AD20060816.html
* Platforms Affected:
  - IBM eGatherer ActiveX control versions prior to 3.20.284.0
  - Microsoft Windows, any version
Recommendation | Upgrade to the latest version of the eGatherer ActiveX control (3.20.284.0 or later), available from the IBM eGatherer ActiveX control Web site at http://www-307.ibm.com/pc/support/IbmEgath.cab
Related URL | CVE-2006-4221 (CVE)
Related URL | 19554 (SecurityFocus)
Related URL | 28418 (ISS)