Lotus Domino Web Access ActiveX control InstallBrowserHelperDll buffer overflow
Added: 03/05/2010

Background
Lotus Domino Web Access provides capabilities similar to those of the Lotus Notes client, delivered through a web browser. It includes an ActiveX control implemented in inotes6w.dll, dwa7w.dll, dwa8w.dll, and dwa85w.dll.

Problem
A buffer overflow vulnerability in the ActiveX control included in Lotus Domino Web Access allows command execution when a user loads a web page which calls the InstallBrowserHelperDll method with a specially crafted General_ServerName property.

Resolution
Upgrade to Domino Web Access 7.0.4 or 8.5 or higher, or disable the vulnerable ActiveX controls as described in the IBM support document.

Limitations
Exploit works on the ActiveX control included in Lotus Domino Web Access 8.0, and requires the user to load the exploit page in Internet Explorer 6 or 7.
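
To check whether a workstation still exposes the control named in the Resolution section, the following PowerShell audit (an added example, not taken from this advisory or from the IBM support document) finds registered ActiveX controls backed by the four DLLs listed under Background and reports whether Internet Explorer's kill bit is set for each. It assumes the standard Windows locations for COM registration and for IE's "ActiveX Compatibility" keys, and it discovers the CLSIDs from the DLL names because the advisory does not list them.

```powershell
# Added example (not IBM's procedure): find registered ActiveX controls backed by
# the DLLs named in this advisory and report whether IE's kill bit is set.
$dllNames = 'inotes6w.dll', 'dwa7w.dll', 'dwa8w.dll', 'dwa85w.dll'  # from the advisory
$killBit  = 0x400  # "Compatibility Flags" bit that blocks instantiation in IE

# 32-bit IE on 64-bit Windows uses the Wow6432Node views, so audit both.
$views = @(
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
       Compat = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

$findings = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Clsid)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $view.Clsid -ErrorAction SilentlyContinue) {
        # InprocServer32's default value holds the path of the DLL behind the control.
        $sub = $key.OpenSubKey('InprocServer32')
        if ($null -eq $sub) { continue }
        $dllPath = [string]$sub.GetValue('')
        $sub.Close()
        if (-not $dllPath) { continue }

        $leaf = ($dllPath.Trim('"') -split '\\')[-1]
        if ($dllNames -notcontains $leaf) { continue }   # -notcontains is case-insensitive

        # A missing key or value means no kill bit; the cast turns $null into 0.
        $compatKey = Join-Path $view.Compat $key.PSChildName
        $prop  = Get-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        $flags = [int]$prop.'Compatibility Flags'

        [pscustomobject]@{
            CLSID      = $key.PSChildName
            Dll        = $dllPath
            FileExists = Test-Path -LiteralPath $dllPath.Trim('"')
            KillBitSet = [bool]($flags -band $killBit)
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No Domino Web Access ActiveX control from the advisory is registered.'
}
```

A row with KillBitSet False and FileExists True marks a control that Internet Explorer will still load. The script reads machine-wide registrations only; per-user registrations under HKCU are not covered.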