IBM Lotus iNotes ActiveX Control Remote Buffer Overflow Vulnerability
Last Update Date: 28 Jan 2011
Release Date: 2 Mar 2010
RISK: Medium Risk
A vulnerability has been identified in the IBM Lotus iNotes (Domino Web Access) ActiveX control, which could be exploited by remote attackers to compromise an affected system. The issue is caused by a buffer overflow error when processing malformed data. A remote attacker could exploit it to execute arbitrary code by tricking a user into visiting a specially crafted web page.
Impact
- Remote Code Execution
System / Technologies affected
- IBM Lotus iNotes (Domino Web Access) versions prior to 8.5
- IBM Lotus iNotes (Domino Web Access) versions prior to 7.0.4
Solutions
Before installation of the software, please visit the software manufacturer's website for more details.
- Upgrade to IBM iNotes version 7.0.4 or 8.5:
  http://www.ibm.com/software/lotus/support/upgradecentral/index.html
- Or set kill bits for the following CLSIDs:
- {3BFFE033-BF43-11d5-A271-00A024A51325}
- {983A9C21-8207-4B58-BBB8-0EBC3D7C5505}
- {E008A543-CEFB-4559-912F-C27C2B89F13B}
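Setting a kill bit means setting bit 0x400 in the "Compatibility Flags" DWORD under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}, which stops Internet Explorer from loading that control. The PowerShell script below is an added example, not part of the original advisory or the vendor's guidance; it applies the kill bit to the three CLSIDs listed above and reads each value back, and the function name Set-KillBit is an illustrative choice.

```powershell
# Added example: set the Internet Explorer kill bit for the CLSIDs in this advisory.
# Run from an elevated 64-bit PowerShell prompt on the affected client.
$Clsids = @(
    '{3BFFE033-BF43-11d5-A271-00A024A51325}',
    '{983A9C21-8207-4B58-BBB8-0EBC3D7C5505}',
    '{E008A543-CEFB-4559-912F-C27C2B89F13B}'
)
$KillBit   = 0x400
$ValueName = 'Compatibility Flags'
$SubKey    = 'Microsoft\Internet Explorer\ActiveX Compatibility'

# Native registry view, plus the 32-bit view when it exists (64-bit Windows),
# because 32-bit Internet Explorer reads its flags from Wow6432Node.
$Roots = @("HKLM:\SOFTWARE\$SubKey")
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $Roots += "HKLM:\SOFTWARE\Wow6432Node\$SubKey"
}

function Set-KillBit {
    param([string]$Root, [string]$Clsid)
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # Preserve any flags already present and OR in the kill bit.
    $existing = (Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    if ($null -eq $existing) { $existing = 0 }
    $updated = $existing -bor $KillBit
    Set-ItemProperty -Path $key -Name $ValueName -Value $updated -Type DWord

    # Read the value back so the report reflects what is actually stored.
    $stored = (Get-ItemProperty -Path $key -Name $ValueName).$ValueName
    New-Object PSObject -Property @{
        Key        = $key
        Flags      = ('0x{0:X8}' -f $stored)
        KillBitSet = (($stored -band $KillBit) -eq $KillBit)
    }
}

$results = foreach ($root in $Roots) {
    foreach ($clsid in $Clsids) { Set-KillBit -Root $root -Clsid $clsid }
}
$results | Format-Table Key, Flags, KillBitSet -AutoSize

# Non-zero exit code lets a deployment tool flag hosts where the write failed.
if ($results | Where-Object { -not $_.KillBitSet }) { exit 1 }
```

The kill bit only blocks the control inside Internet Explorer; upgrading to a fixed iNotes version remains the advisory's primary solution.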
Vulnerability Identifier
- No CVE information is available