IBM's ThinkVantage ActiveX control allows code smuggling
The security service provider eEye has discovered a potential buffer overrun in the eGatherer ActiveX module that could be exploited by attackers for such attacks as smuggling malware via specially prepared websites. IBM delivers all its desktop computers and laptops with update software named ThinkVantage. Laptop users can start the software using a special dedicated key. This update software is based on the affected ActiveX control.
Within the eGatherer module, the RunEgatherer function can be called together with a parameter from websites that describes the path and file name of the log file. This parameter is obviously copied into a fixed sized buffer, since the eEye security advisory explains that the hole can be reliably exploited by overlong values as parameters.
IBM has released an updated version of the ActiveX module. Affected users – i.e. all users who have installed ThinkVantage on a Windows operating system – should download and install the updated version of eGatherer components as soon as possible.
- IBM eGatherer ActiveX Code Execution Vulnerability, Vulnerability advisory from eEye at Full Disclosure
- Direct download of the updated eGatherer ActiveX module
- ThinkVantage Downloads from IBM