In association with heise online

17 August 2006, 12:05

IBM's ThinkVantage ActiveX control allows code smuggling

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The security service provider eEye has discovered a potential buffer overrun in the eGatherer ActiveX module that could be exploited by attackers for such attacks as smuggling malware via specially prepared websites. IBM delivers all its desktop computers and laptops with update software named ThinkVantage. Laptop users can start the software using a special dedicated key. This update software is based on the affected ActiveX control.

Within the eGatherer module, the RunEgatherer function can be called together with a parameter from websites that describes the path and file name of the log file. This parameter is obviously copied into a fixed sized buffer, since the eEye security advisory explains that the hole can be reliably exploited by overlong values as parameters.

IBM has released an updated version of the ActiveX module. Affected users – i.e. all users who have installed ThinkVantage on a Windows operating system – should download and install the updated version of eGatherer components as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit