Vulnerability in IBM access
Hello,
I would like to make to Bugtraq knowledge the existence of a security
vulnerability in IBM access software. IBM access is vulnerable to a Shared
Section vulnerability. The processes QCWLICON.exe and QCTRAY.exe have the
section \BaseNamedObjects\QCONDB with invalid rights which allows everyone to
read the configuration of all connections and to write arbitrary data to create
a dos against the application.
This could be shown with the Process Explorer tool by sysinternal and used by
the ListSS, DumpSS and TestSS tools written by C Cerrudo.
Regards,
Sylvain ROGER
Security Consultant
http://www.solucom.fr