CVE-2009-0215

IBM Access Support ActiveX Control - Stack-Based Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in the GetXMLValue method in the IBM Access Support ActiveX control in IbmEgath.dll, as distributed on IBM and Lenovo computers, allows remote attackers to execute arbitrary code via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16517

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] http://osvdb.org/52958

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/49409

[Third Party Advisory] http://secunia.com/advisories/34470

[Vendor Advisory] http://www.vupen.com/english/advisories/2009/0824

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/34228

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/340420

Scores

EPSS 0.6371

EPSS Percentile 98.4%

Details

CWE

CWE-119

Status published

Products (1)

ibm/access_support_activex_control 3.20.284.0

Published Mar 25, 2009

Tracked Since Feb 18, 2026