IBM Lotus iNotes dwa85W ActiveX Buffer Overflow Vulnerability

This Metasploit module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "AttachmentTimes" property, due to the insecure usage of the swscanf. The affected ActiveX is provided by the dwa85W.dll installed with the IBM Lotus iNote...

IBM Lotus iNotes dwa85W ActiveX Buffer Overflow

This module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "AttachmentTimes" property, due to the insecure usage of the swscanf. The affected ActiveX is provided by the dwa85W.dll installed with the IBM Lotus iNotes ActiveX...

IBM Lotus iNotes dwa85W.dll ActiveX Control Buffer Overflow (CVE-2012-2175)

A buffer overflow vulnerability has been reported in IBM Lotus iNotes...

Lotus Notes iNotes Attachment_Times ActiveX Overflow

Added: 08/22/2012 CVE: CVE-2012-2175 BID: 53879 OSVDB: 82755 Background Lotus Notes is the client for Lotus Domino servers. iNotes is a web-based alternative to the Notes client. Problem The iNotes ActiveX control does not properly validate the user-supplied values for the attachmenttimes...

Lotus Notes iNotes Attachment_Times ActiveX Overflow

Added: 08/22/2012 CVE: CVE-2012-2175 BID: 53879 OSVDB: 82755 Background Lotus Notes is the client for Lotus Domino servers. iNotes is a web-based alternative to the Notes client. Problem The iNotes ActiveX control does not properly validate the user-supplied values for the attachmenttimes...

Lotus Notes iNotes Attachment_Times ActiveX Overflow

Added: 08/22/2012 CVE: CVE-2012-2175 BID: 53879 OSVDB: 82755 Background Lotus Notes is the client for Lotus Domino servers. iNotes is a web-based alternative to the Notes client. Problem The iNotes ActiveX control does not properly validate the user-supplied values for the attachmenttimes...

Lotus Notes iNotes Attachment_Times ActiveX Overflow

Added: 08/22/2012 CVE: CVE-2012-2175 BID: 53879 OSVDB: 82755 Background Lotus Notes is the client for Lotus Domino servers. iNotes is a web-based alternative to the Notes client. Problem The iNotes ActiveX control does not properly validate the user-supplied values for the attachmenttimes...

ZDI-12-132 : IBM Lotus iNotes dwa85W ActiveX Attachment_Times Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-132 : IBM Lotus iNotes dwa85W ActiveX AttachmentTimes Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-132 August 3, 2012 - -- CVE ID: CVE-2012-2175 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected...

IBM Lotus iNotes dwa85W ActiveX Attachment_Times Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus iNotes. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dwa85W.cab...

IBM Lotus iNotes Upload模块ActiveX控件缓冲区溢出漏洞

BUGTRAQ ID: 53879 CVE ID: CVE-2012-2175 Lotus iNotes之前被称为Lotus Domino Web Access，是Lotus Domino服务器基于web的消息和协作界面。 IBM Lotus iNotes 8.5.3 FP2之前版本dwa85W.dll内的某些ActiveX控件中的AttachmentTimes方法在实现上存在缓冲区溢出漏洞，通过较长的参数可允许远程攻击者执行任意代码。 0 IBM Lotus iNotes 厂商补丁： IBM --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

CVE-2012-2175

Buffer overflow in the AttachmentTimes method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argument...

Buffer overflow

Buffer overflow in the AttachmentTimes method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argument...

CVE-2012-2175

CVE-2012-2175 describes a buffer overflow in the Attachment_Times handling of the dwa85W.dll ActiveX control used by IBM Lotus iNotes 8.5.x. The overflow arises from processing a long argument to the Attachment_Times property, leading to remote code execution. Documented impact is remote executio...

CVE-2012-2175

Buffer overflow in the AttachmentTimes method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argument...

IBM Lotus iNotes Upload Module ActiveX Control Attachment_Times() Method Buffer Overflow

The Lotus iNotes Upload Module ActiveX Control is installed on the remote Windows host. The installed version of the control is affected by a buffer overflow vulnerability in the AttachmentTimes method. By tricking a victim into visiting a specially crafted page, an attacker may be able to execut...

CVE-2010-4591

The Connection Manager in IBM Lotus Mobile Connect LMC before 6.1.4, when HTTP Access Services HTTP-AS is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a...

Design/Logic Flaw

The Connection Manager in IBM Lotus Mobile Connect LMC before 6.1.4, when HTTP Access Services HTTP-AS is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a...

CVE-2010-4591

The CVE-2010-4591 entry concerns IBM Lotus Mobile Connect (LMC)

Information disclosure

IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service daemon crash by accepting a meeting invitation with an iNotes client and then accepting this meeting invitation with an iPhone client...

CVE-2010-4548

IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service daemon crash by accepting a meeting invitation with an iNotes client and then accepting this meeting invitation with an iPhone client...