[原文]The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 18.104.22.168 allow remote attackers to create files with arbitrary content, as demonstrated by creating a .hta file in a Startup folder.
IBM Access Support eGatherer ActiveX File Download
Remote / Network Access,
Loss of Integrity
Access Support contains a flaw in Atctive X control that may allow a remote attacker to upload arbitrary files. The issue is due to insecure methods ("SetDebugging()" and "RunEgatherer()") in Active control. By tricking the user into visiting a malicious website, a remote attacker may download a remote file and execute it on the user's system, resulting in a loss of confidentiality, integrity, and availability.
Updates are available for customers to download. An upgrade is required as there are no known workarounds.