Update Protection against IBM Lotus Domino Web Access ActiveX Controls Buffer Overflow
| Check Point Reference: | CPAI-2010-125 |
| Date Published: | |
| Severity: | |
| Source: | Secunia Advisory: SA38681 |
| Protection Provided by: | IPS-1 |

Who is Vulnerable?

IBM Lotus Domino 6.5
IBM Lotus Domino 7.0 prior to 7.0.4
IBM Lotus Domino 8 prior to 8.5

Vulnerability Description

A vulnerability has been reported in IBM Lotus Domino, a Web browser-based client platform that provides functionality similar to that of IBM Lotus Notes. The vulnerability is due to a boundary error while handling malformed data passed to the iNotes Web Access ActiveX controls. A remote attacker could exploit the vulnerability via a crafted web page. This could cause memory corruption that may lead to arbitrary code execution.

Update/Patch Available

IBM has released an advisory addressing this vulnerability.

Vulnerability Details

The vulnerability is due to insufficient boundary checking in the Lotus Domino Web Access ActiveX control when handling the InstallBrowserHelperDll() method. A remote attacker can exploit this vulnerability by enticing a target user to visit a crafted web page using Internet Explorer.

Protection Overview

The protection will detect and block attempts to use the Lotus Domino ActiveX control in HTML documents.
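
The kind of check described in the Protection Overview, as an added example that is not Check Point's implementation or code from the advisory: it scans an HTML document for instantiation of a blocked ActiveX control and for script references to InstallBrowserHelperDll. The CLSID is a placeholder because the advisory does not give one, and the names `ActiveXScanner`, `scan_html` and `SAMPLE` are hypothetical.

```python
from html.parser import HTMLParser

# Placeholder: the advisory gives no CLSID; take the real value from the vendor advisory.
BLOCKED_CLSIDS = {"00000000-0000-0000-0000-000000000000"}
FLAGGED_METHOD = "InstallBrowserHelperDll"  # method named in the advisory


class ActiveXScanner(HTMLParser):
    """Records blocked <object> classids and flagged method names inside <script>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        if tag != "object":
            return
        classid = (dict(attrs).get("classid") or "").strip().lower()
        # Normalise "CLSID:{GUID}" and "clsid:GUID" to a bare lowercase GUID.
        if classid.startswith("clsid:"):
            guid = classid[len("clsid:"):].strip("{} ")
            if guid in BLOCKED_CLSIDS:
                self.findings.append(("object-classid", guid, self.getpos()[0]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Match case-insensitively: VBScript ignores case in identifiers.
        if self._in_script and FLAGGED_METHOD.lower() in data.lower():
            self.findings.append(("method-call", FLAGGED_METHOD, self.getpos()[0]))


def scan_html(document):
    scanner = ActiveXScanner()
    scanner.feed(document)
    scanner.close()
    return scanner.findings  # list of (kind, value, line number)

# Constructed sample page for the example; the second <object> is not on the block list.
SAMPLE = """<html><body>
<object id="ctl" classid="CLSID:{00000000-0000-0000-0000-000000000000}"></object>
<script>ctl.InstallBrowserHelperDll();</script>
<object classid="clsid:11111111-1111-1111-1111-111111111111"></object>
</body></html>"""
```

A literal string match like this does not see through obfuscated script, so it illustrates the check rather than the coverage of the IPS-1 protection.
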
To configure the defense, select your product from the list below and follow the related protection steps.