SAINT CorporationSAINT:91166C7EB5185441960A38CA98045EAALotus Notes iNotes Attachment_Times ActiveX Overflow
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.97 High
EPSS
Percentile
99.7%
Added: 08/22/2012
CVE: CVE-2012-2175
BID: 53879
OSVDB: 82755
Background
Lotus Notes is the client for Lotus Domino servers. iNotes is a web-based alternative to the Notes client.
Problem
The iNotes ActiveX control does not properly validate the user-supplied values for the attachment_times parameter. Heap corruption may occur if a specially crafted value is supplied. A malicious website could exploit this vulnerability via Javascript to use it to gain remote execution access on the target’s system.
Resolution
Apply the hotfix supplied by the IBM Security Bulletin.
Alternatively, the problem can be mitigated by disabling the ActiveX control for scripting in Internet Explorer. The GUID of the ActiveX control is 0F2AAAE3-7E9E-4b64-AB5D-1CA24C6ACB9C. Further instructions are available in the aforementioned IBM Security Bulletin.
References
<http://www-01.ibm.com/support/docview.wss?uid=swg21596862>
Limitations
This exploit has been tested against IBM Lotus iNotes 8.5.3 FP1 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
Platforms
Windows
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.97 High
EPSS
Percentile
99.7%