IBM Access Support ActiveX Control GetXMLValue Method Overflow
High Nessus Plugin ID 38977
SynopsisThe remote Windows host has an ActiveX control that is affected by a buffer overflow vulnerability.
DescriptionThe version of the IBM Access Support ActiveX control, used to support IBM and Lenovo computer systems and installed on the remote Windows host, reportedly contains a stack-based buffer overflow that can be triggered by calling the 'GetXMLValue' method with an overly long argument. If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, he can leverage this issue to execute arbitrary code on the affected system subject to the user's privileges.
SolutionUnknown at this time.