CVE-2004-2663 Information

Description

The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content as demonstrated by creating a .hta file in a Startup folder.

Reference

http://marc.info/?l=bugtraq&m=108746693619324&w=2 http://marc.info/?l=full-disclosure&m=108741557604568&w=2 http://research.eeye.com/html/advisories/published/AD20040615B.html http://secunia.com/advisories/11072 http://www.eeye.com/html/research/advisories/AD20040615B.html http://www.osvdb.org/7090 http://www.securityfocus.com/bid/10562 https://exchange.xforce.ibmcloud.com/vulnerabilities/16428