CVE-2009-0215

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-0215. PoCs published by Metasploit, MC, including Metasploit module exploits/windows/browser/ibmegath_getxmlvalue.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in IBM Access Support ActiveX Control (IbmEgath.dll 3.20.284.0) via the GetXMLValue() method. It uses heap spraying and a long string to trigger arbitrary code execution.

Description

Stack-based buffer overflow in the GetXMLValue method in the IBM Access Support ActiveX control in IbmEgath.dll, as distributed on IBM and Lenovo computers, allows remote attackers to execute arbitrary code via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16517

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in IBM Access Support ActiveX Control (IbmEgath.dll 3.20.284.0) via the GetXMLValue() method. It uses heap spraying and a long string to trigger arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: IBM Access Support ActiveX Control (IbmEgath.dll 3.20.284.0)

No auth needed

Prerequisites: Victim must visit a malicious webpage hosting the exploit · ActiveX control must be installed and enabled

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb