Lotus Domino Web Access ActiveX control InstallBrowserHelperDll buffer overflow

Added: 03/05/2010
BID: 38457
OSVDB: 62612

Background

Lotus Domino Web Access provides capabilities similar to those of the Lotus Notes client, delivered through a web browser. It includes an ActiveX control implemented in inotes6w.dll, dwa7w.dll, dwa8w.dll, and dwa85w.dll.

Problem

A buffer overflow vulnerability in the ActiveX control included in Lotus Domino Web Access allows command execution when a user loads a web page that calls the InstallBrowserHelperDll method with a specially crafted General_ServerName property.

Resolution

Upgrade to Domino Web Access 7.0.4 or 8.5 or higher, or disable the vulnerable ActiveX controls as described in the IBM support document.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857

Limitations

Exploit works on the ActiveX control included in Lotus Domino Web Access 8.0, and requires the user to load the exploit page in Internet Explorer 6 or 7.

Platforms

Windows
