Lotus Domino Web Access provides capabilities similar to those of the Lotus Notes client, delivered through a web browser. It includes an ActiveX control implemented in
A buffer overflow vulnerability in the ActiveX control included in Lotus Domino Web Access allows command execution when a user loads a web page that calls the **InstallBrowserHelperDll** method with a specially crafted
Upgrade to Domino Web Access 7.0.4 or 8.5 or higher, or disable the vulnerable ActiveX controls as described in the IBM support document.
The exploit works on the ActiveX control included in Lotus Domino Web Access 8.0 and requires the user to load the exploit page in Internet Explorer 6 or 7.