Check Point Advisories

Update Protection against IBM Lotus Domino Web Access ActiveX Controls Buffer Overflow

Check Point Reference: CPAI-2010-125
Date Published: 23 Apr 2010
Severity: High
Last Updated: Friday 01 January, 2010
Source: Secunia Advisory: SA38681
Protection Provided by:
Who is Vulnerable?
IBM Lotus Domino 6.5
IBM Lotus Domino 7.0 prior to 7.0.4
IBM Lotus Domino 8 prior to 8.5
Vulnerability Description: A vulnerability has been reported in IBM Lotus Domino, a Web browser-based client platform that provides functionality similar to that of IBM Lotus Notes. The vulnerability is due to a boundary error while handling malformed data passed to the iNotes Web Access ActiveX controls. A remote attacker could exploit the vulnerability via a crafted web page. This could cause memory corruption that may lead to arbitrary code execution.
Update/Patch Available: IBM has released an advisory addressing this vulnerability.
Vulnerability Details: The vulnerability is due to insufficient boundary checking in the Lotus Domino Web Access ActiveX control when handling the InstallBrowserHelperDll() method. A remote attacker can exploit this vulnerability by enticing a target user to visit a crafted web page using Internet Explorer.

Protection Overview
