Buffer overflow in Lotus iNotes
The Lotus iNotes ActiveX control for reading email from within a browser contains a programming error which can result in a buffer overflow. This could be exploited by an attacker to infect an iNotes user with spyware on visiting a crafted web page.
Lotus iNotes, previously known as Lotus Domino Web Access, provides Notes users with web access to their email accounts. To achieve this, it installs an ActiveX control which remains registered once used and can then be instantiated by any web site the user visits. It thus represents a potential target for attack. IBM does not reveal precisely which versions are affected, but the bug is reported to be fixed in versions 7.0.4 and 8.5. As a workaround, the vendor recommends either setting the kill bit for the ActiveX control in question or disabling ActiveX completely.
The problem has an interesting history. iDefense reports that it alerted IBM to the problem in September 2008 – more than 18 months ago. IBM's security alert offers no hint as to why it has taken so long to issue a security warning.
- Buffer Overflow Vulnerability in Lotus iNotes ActiveX Control, Security alert from IBM
- IBM Lotus Domino Web Access ActiveX Stack Buffer Overflow Vulnerability, Security advisory from iDefense