CVE-2009-0215

Stack-based buffer overflow in the GetXMLValue method in the IBM Access Support ActiveX control in IbmEgath.dll, as distributed on IBM and Lenovo computers, allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/52958
http://secunia.com/advisories/34470
http://www.kb.cert.org/vuls/id/340420	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/34228
http://www.vupen.com/english/advisories/2009/0824	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49409

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:access_support_activex_control:3.20.284.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-03-25 15:30

Updated : 2024-02-28 11:21

NVD link : CVE-2009-0215

Mitre link : CVE-2009-0215

CVE.ORG link : CVE-2009-0215

JSON object : View

Products Affected

ibm

access_support_activex_control

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2009-0215", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-03-25T15:30:00.217", "references": [{"url": "http://osvdb.org/52958", "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/34470", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/340420", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/34228", "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2009/0824", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49409", "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the GetXMLValue method in the IBM Access Support ActiveX control in IbmEgath.dll, as distributed on IBM and Lenovo computers, allows remote attackers to execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en el m\u00e9todo GetXMLValue del control ActiveX en IBM Access Support en IbmEgath.dll, como el distribuido en los ordenadores IBM y Lenovo, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no espec\u00edficos."}], "lastModified": "2017-08-08T01:33:50.453", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:access_support_activex_control:3.20.284.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AE3A9DF-C502-4C74-8FD6-A5FC152BB317"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}