Lotus Domino Web Access ActiveX control InstallBrowserHelperDll buffer overflow
Added: 03/05/2010
BID: 38457
OSVDB: 62612

Background
Lotus Domino Web Access provides capabilities similar to those of the Lotus Notes client, delivered through a web browser. It includes an ActiveX control implemented in inotes6w.dll, dwa7w.dll, dwa8w.dll, and dwa85w.dll.

Problem
A buffer overflow vulnerability in the ActiveX control included in Lotus Domino Web Access allows command execution when a user loads a web page which calls the InstallBrowserHelperDll method with a specially crafted General_ServerName property.

Resolution
Upgrade to Domino Web Access 7.0.4 or 8.5 or higher, or disable the vulnerable ActiveX controls as described in the IBM support document.

References
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857

Limitations
Exploit works on the ActiveX control included in Lotus Domino Web Access 8.0, and requires the user to load the exploit page in Internet Explorer 6 or 7.

Platforms
Windows
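
To check a workstation against the Resolution above, the following added example (not part of the advisory or of IBM's support document) lists every registered COM class whose in-process server is one of the four DLLs named in the Background section and reports whether Internet Explorer's kill bit is set for it. It assumes the standard kill-bit mechanism (`Compatibility Flags` value 0x400) is how the controls are disabled; the CLSIDs are discovered from the registry because the advisory does not list them.

```powershell
# Added example: inventory Domino Web Access ActiveX controls and kill-bit state.
# DLL names are taken from the advisory; CLSIDs are discovered at run time.
$dllNames = 'inotes6w.dll', 'dwa7w.dll', 'dwa8w.dll', 'dwa85w.dll'
$killBit  = 0x400   # "Compatibility Flags" bit that stops IE from loading a control

# Inspect both registry views: native, and 32-bit (WOW6432Node) on 64-bit Windows.
$views = @(
    @{ Name = 'native'; Root = 'HKLM:\SOFTWARE' },
    @{ Name = '32-bit'; Root = 'HKLM:\SOFTWARE\WOW6432Node' }
)

$results = foreach ($view in $views) {
    $clsidRoot = Join-Path $view.Root 'Classes\CLSID'
    if (-not (Test-Path -LiteralPath $clsidRoot)) { continue }

    foreach ($key in Get-ChildItem -LiteralPath $clsidRoot -ErrorAction SilentlyContinue) {
        $inproc = Join-Path $key.PSPath 'InprocServer32'
        if (-not (Test-Path -LiteralPath $inproc)) { continue }

        # The default value of InprocServer32 holds the path of the control's DLL.
        $server = [string](Get-Item -LiteralPath $inproc).GetValue('')
        if (-not $server) { continue }
        $leaf = ($server -split '\\')[-1].Trim('"')
        if ($dllNames -notcontains $leaf) { continue }   # case-insensitive match

        # Kill bits live under "ActiveX Compatibility\{CLSID}" in the same view.
        $compat = Join-Path $view.Root `
            "Microsoft\Internet Explorer\ActiveX Compatibility\$($key.PSChildName)"
        $flags = 0
        if (Test-Path -LiteralPath $compat) {
            $flags = [int](Get-Item -LiteralPath $compat).GetValue('Compatibility Flags', 0)
        }

        [pscustomobject]@{
            View       = $view.Name
            Clsid      = $key.PSChildName
            Server     = $server
            KillBitSet = (($flags -band $killBit) -ne 0)
        }
    }
}

if ($results) {
    $results | Format-Table -AutoSize
} else {
    'No Domino Web Access ActiveX control is registered on this machine.'
}
```

A row with `KillBitSet` equal to `False` is a control that Internet Explorer will still load, so that host needs either the upgrade or the disabling step.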