This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempt to exploit a buffer overflow vulnerability by passing long arguments into a method of IBM Lotus Domino Web Access Upload Module ActiveX Control.
IBM Lotus Domino is a client/server product designed for collaborative working environments. Domino Server supports email, scheduling, instant messaging, and data-driven applications. Web Access is a browser-based client for Lotus Domino.
IBM Lotus Domino Web Access Upload module is prone to a memory-corruption vulnerability because of an insecure method in the ActiveX controls with the following CLSIDs:
This issue affects the 'inotes6.ddl' and 'intes6w.dll' files of Domino 6.x and the 'dwa7.dll' and 'dwa7W.dll' files of Domino 7.x. An attacker can trigger this issue by setting the 'General_ServerName()' attribute to a large value before calling the 'InstallBrowserHelperDll()' method.
The attacker can exploit this issue by enticing an unsuspecting user to view a malicious HTML page.
Successfully exploiting this issue can allow remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions.
- IBM Domino Web Access 6.0, 6.5, 7.0, 6.0.1, 6.0.1 1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 7.0.1
- IBM Lotus Domino Web Access 7.0.1
- IBM Lotus Domino Web Access Upload Module 184.108.40.206