IBM Lotus Quickr QP2 ActiveX Overflow

Added: 05/31/2012
CVE: CVE-2012-2176
BID: 53678
OSVDB: 82166


IBM Lotus Quickr is a team collaboration solution that provides teams with a data repository, and interfaces with Lotus Notes, Sametime, Symphony, and more.


The Lotus Quickr client installs several ActiveX controls on the client system. These controls can be accessed by any website. The Attachment_Times and Import_Times methods of the QuickPlace.QuickPlace class do not properly sanitize their parameters. Passing an overly long parameter will result in an exploitable heap overflow condition.


Upgrade to version or later.
Alternatively, the vulnerable ActiveX control can be disabled in Internet Explorer by manually setting the kill bit. Complete the following steps to set the kill bit on the machine where Quickr for Domino is installed. 1. Start the Microsoft Windows Registry Editor (regedit). 2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveXCompatibility 3. Add a new Key: {05D96F71-87C6-11d3-9BE4-00902742D6E0} 4. Select that Key and create a new DWORD value named: Compatibility Flags 5. Set the Compatibility Flags value to: 0x00000400 6. Exit the Registry Editor. 7. Restart Internet Explorer.



This exploit has been tested against Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn) using Internet Explorer version 8 and 9.



Back to exploit index