Lotus Notes iNotes Attachment_Times ActiveX Overflow

Added: 08/22/2012
CVE: CVE-2012-2175
BID: 53879
OSVDB: 82755

Background

Lotus Notes is the client for Lotus Domino servers. iNotes is a web-based alternative to the Notes client.

Problem

The iNotes ActiveX control does not properly validate the user-supplied values for the attachment_times parameter. Heap corruption may occur if a specially crafted value is supplied. A malicious website could exploit this vulnerability via Javascript to use it to gain remote execution access on the target's system.

Resolution

Apply the hotfix supplied by the IBM Security Bulletin.
Alternatively, the problem can be mitigated by disabling the ActiveX control for scripting in Internet Explorer. The GUID of the ActiveX control is 0F2AAAE3-7E9E-4b64-AB5D-1CA24C6ACB9C. Further instructions are available in the aforementioned IBM Security Bulletin.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21596862

Limitations

This exploit has been tested against IBM Lotus iNotes 8.5.3 FP1 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Platforms

Windows

Back to exploit index