Vulnerability Description
The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a .hta file in a Startup folder.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Egatherer | 2.0.0.16 |
References
- http://marc.info/?l=bugtraq&m=108746693619324&w=2
- http://marc.info/?l=full-disclosure&m=108741557604568&w=2
- http://research.eeye.com/html/advisories/published/AD20040615B.html
- http://secunia.com/advisories/11072
- http://www.eeye.com/html/research/advisories/AD20040615B.htmlExploitPatchVendor Advisory
- http://www.osvdb.org/7090
- http://www.securityfocus.com/bid/10562
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16428
- http://marc.info/?l=bugtraq&m=108746693619324&w=2
- http://marc.info/?l=full-disclosure&m=108741557604568&w=2
- http://research.eeye.com/html/advisories/published/AD20040615B.html
- http://secunia.com/advisories/11072
- http://www.eeye.com/html/research/advisories/AD20040615B.htmlExploitPatchVendor Advisory
- http://www.osvdb.org/7090
- http://www.securityfocus.com/bid/10562
FAQ
What is CVE-2004-2663?
CVE-2004-2663 is a vulnerability with a CVSS score of 7.5 (HIGH). The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a ...
How severe is CVE-2004-2663?
CVE-2004-2663 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2663?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Egatherer.