Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:1D27487FC81A0EA413996B428FA08844
HistoryAug 22, 2012 - 12:00 a.m.

Lotus Notes iNotes Attachment_Times ActiveX Overflow

2012-08-2200:00:00
SAINT Corporation
www.saintcorporation.com
14

0.968 High

EPSS

Percentile

99.6%

JSON

Added: 08/22/2012
CVE: CVE-2012-2175
BID: 53879
OSVDB: 82755

Background

Lotus Notes is the client for Lotus Domino servers. iNotes is a web-based alternative to the Notes client.

Problem

The iNotes ActiveX control does not properly validate the user-supplied values for the attachment_times parameter. Heap corruption may occur if a specially crafted value is supplied. A malicious website could exploit this vulnerability via Javascript to use it to gain remote execution access on the target’s system.

Resolution

Apply the hotfix supplied by the IBM Security Bulletin.
Alternatively, the problem can be mitigated by disabling the ActiveX control for scripting in Internet Explorer. The GUID of the ActiveX control is 0F2AAAE3-7E9E-4b64-AB5D-1CA24C6ACB9C. Further instructions are available in the aforementioned IBM Security Bulletin.

References

<http://www-01.ibm.com/support/docview.wss?uid=swg21596862&gt;

Limitations

This exploit has been tested against IBM Lotus iNotes 8.5.3 FP1 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Platforms

Windows

Related

saint 3
zdt 1
checkpoint_advisories 1
nessus 1
packetstorm 1
prion 1
securityvulns 2
seebug 1
zdi 1
cve 1
saint
saint
Lotus Notes iNotes Attachment_Times ActiveX Overflow
2012-08-22 00:00:00
Lotus Notes iNotes Attachment_Times ActiveX Overflow
2012-08-22 00:00:00
Lotus Notes iNotes Attachment_Times ActiveX Overflow
2012-08-22 00:00:00
zdt
zdt
IBM Lotus iNotes dwa85W ActiveX Buffer Overflow Vulnerability
2012-12-31 00:00:00
checkpoint_advisories
checkpoint_advisories
IBM Lotus iNotes dwa85W.dll ActiveX Control Buffer Overflow (CVE-2012-2175)
2012-10-14 00:00:00
nessus
nessus
IBM Lotus iNotes Upload Module ActiveX Control Attachment_Times() Method Buffer Overflow
2012-06-19 00:00:00
packetstorm
packetstorm
IBM Lotus iNotes dwa85W ActiveX Buffer Overflow
2012-12-31 00:00:00
prion
prion
Buffer overflow
2012-06-20 10:27:00
securityvulns
securityvulns
ZDI-12-132 : IBM Lotus iNotes dwa85W ActiveX Attachment_Times Remote Code Execution Vulnerability
2012-08-13 00:00:00
IBM Lotus iNotes / Quickr ActiveX code execution
2012-08-13 00:00:00
seebug
seebug
IBM Lotus iNotes Upload模块ActiveX控件缓冲区溢出漏洞
2012-06-27 00:00:00
zdi
zdi
IBM Lotus iNotes dwa85W ActiveX Attachment_Times Remote Code Execution Vulnerability
2012-08-03 00:00:00
cve
cve
CVE-2012-2175
2012-06-20 10:27:00

0.968 High

EPSS

Percentile

99.6%

JSON
Related for SAINT:1D27487FC81A0EA413996B428FA08844
saint3zdt1checkpoint_advisories1nessus1packetstorm1prion1securityvulns2seebug1zdi1cve1