Web Attack: IBM Lotus Quickr CVE-2013-3026

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a buffer overflow in the IBM Lotus Quickr for Domino ActiveX control.

Additional Information

IBM Lotus Quickr is web-based collaboration software.

The application is prone to a buffer-overflow vulnerability because it fails to properly bounds-check data. Specifically, the issue is caused by an integer-overflow condition within the 'qp2.cab' ActiveX control.

Attackers can exploit this issue to execute arbitrary code within the context of an application (typically Internet Explorer) that uses the ActiveX control. Failed exploit attempts will result in a denial-of-service condition.

IBM Lotus Quickr for Domino 8.2, 8.5, and 8.5.1 are vulnerable.

Affected

  • IBM Lotus Quickr for Domino 8.2, 8.5, and 8.5.1 are vulnerable.