CVE-2004-2663

Sažetak

The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a .hta file in a Startup folder.

Reference

http://marc.info/?l=bugtraq&m=108746693619324&w=2
http://marc.info/?l=full-disclosure&m=108741557604568&w=2
http://research.eeye.com/html/advisories/published/AD20040615B.html
http://secunia.com/advisories/11072
http://www.eeye.com/html/research/advisories/AD20040615B.html
http://www.osvdb.org/7090
http://www.securityfocus.com/bid/10562
https://exchange.xforce.ibmcloud.com/vulnerabilities/16428

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

20-07-2017 - 01:29

Objavljeno

31-12-2004 - 05:00