IBM Lotus Quickr ‘’ ActiveX Control Stack Buffer Overflow Vulnerability


IBM Lotus Quickr is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds check user-supplied input.


The original article can be found at:


Vulnerable Systems:
 * IBM Lotus Quickr 8.2

DESCRIPTION: It is possible for an attacker to compromise the ActiveX control used within Lotus Quickr for Domino and remotely execute arbitrary code by instantiating this control from Microsoft Internet Explorer. For a remote attacker to exploit this vulnerability, the following must be accomplished:
1. The user must have Lotus Quickr for Domino installed on the machine.
Important Note: Continuous use of Lotus Quickr for Domino is not required; the vulnerability may be exploited against the ActiveX control regardless of whether the product is in use.
2. The attacker needs to create malicious code that exploits the ActiveX control. This code could be delivered as an e-mail attachment or embedded in a Web page.
3. The user must be persuaded to execute the attachment or follow a link to a Web site containing the malicious code using the Microsoft Internet Explorer Web browser.
4. If the malicious website is running within Internet Explorer’s Internet Zone, the user must typically authorize the ActiveX pop-up dialog before the control can be used.

CVE Information:

Disclosure Timeline:
Published: May 24 2012
