Skip to main content

IBM Lotus iNotes Upload Module ActiveX Control Buffer Overflow Vulnerability

Last Update Date: 11 Jun 2012 11:48 Release Date: 11 Jun 2012 5313 Views

RISK: High Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability has been identified in IBM Lotus iNotes Upload Module ActiveX Control, which can be exploited by malicious people to compromise a user's system.

 

The vulnerability is caused due to an error within the dwa85W.dll module and can be exploited to cause a buffer overflow by assigning an overly long string to the "Attachment_Times" property.  Successful exploitation may allow execution of arbitrary code.


Impact

  • Remote Code Execution

System / Technologies affected

  • IBM Lotus iNotes 8.5.x
  • IBM Lotus iNotes Upload Module ActiveX Control 8.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Apply Interim Fix 1 for version 8.5.3 Fix Pack 1.

Vulnerability Identifier


Source


Related Link