Lotus iNotes Client ActiveX Control Buffer Overrun
17 Feb. 2003
Lotus Domino and Notes together provide a featured enterprise collaboration system, with Domino providing application server services. iNotes provides web-based messaging facilities. In addition to its server component, it has a client ActiveX control. A vulnerability in this client control allows a remote attacker to overflow one of its internal buffers and so effectively compromise the remote host.
When iNotes is installed, it includes an ActiveX control called Lotus Domino Session ActiveX Control. By supplying an overly long value to the "InitializeUsingNotesUserName" method of this control via an e-mail or web page, an attacker can execute arbitrary code on the target's local machine. Any exploit code would execute in the security context of the logged-on user.
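For mail or web gateways that cannot wait for the upgrade, content can be screened for calls to the method described above. The following is an added example, not part of the original advisory or any vendor tooling; the 256-character threshold, the scan function and the sample content are assumptions, since the advisory does not state the buffer size.

```python
import html
import re

METHOD = "InitializeUsingNotesUserName"  # method named in the advisory
MAX_LITERAL_LEN = 256  # assumed threshold; the advisory gives no buffer size

# Matches obj.Method("..."), obj["Method"]("...") and VBScript's paren-less
# form. Matching is case-insensitive because VBScript identifiers are.
CALL_RE = re.compile(
    re.escape(METHOD) + r"""(?:["']\s*\])?\s*\(?\s*(?:"""
    r"""(?P<q>["'])(?P<lit>.*?)(?P=q)\s*(?P<more>[+&])?"""  # quoted literal
    r"""|(?P<expr>[^\s)"'][^)\n;]*))""",                     # anything else
    re.IGNORECASE | re.DOTALL,
)


def scan(content, max_len=MAX_LITERAL_LEN):
    """Return one (verdict, literal_length) tuple per call to METHOD."""
    findings = []
    # Decode entities first: calls can sit in attributes such as onload="...".
    for m in CALL_RE.finditer(html.unescape(content)):
        if m.group("expr") is not None or m.group("more"):
            # Argument is built at run time; its length cannot be judged here.
            findings.append(("computed-argument", None))
        elif len(m.group("lit")) > max_len:
            findings.append(("oversized-literal", len(m.group("lit"))))
        else:
            findings.append(("ok", len(m.group("lit"))))
    return findings


# Constructed sample content (not taken from any real message or page).
SAMPLE = "\n".join([
    's.InitializeUsingNotesUserName("jsmith");',
    's.InitializeUsingNotesUserName("' + "A" * 600 + '");',
    's.InitializeUsingNotesUserName String(600, "A")',
    '<body onload="s[&quot;initializeusingnotesusername&quot;](&quot;x&quot; + pad)">',
])

if __name__ == "__main__":
    for verdict, length in scan(SAMPLE):
        print(verdict, length)
```

A "computed-argument" verdict means the value is assembled at run time, so such content should be quarantined or reviewed rather than treated as safe.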
NGSSoftware alerted IBM/Lotus to this issue on 14 January 2002. IBM Lotus Notes and Domino Release 6.0.1 is now available and is being marketed as the first maintenance release. IBM say that if customers haven't already upgraded or migrated to Notes and Domino 6, now is the time to move and start reaping the benefits of this existing and highly praised release. Release 6.0.1 includes fixes to enhance the quality and reliability of the Notes and Domino 6 products. It does not, however, mention any security issues, and NGS would strongly advise upgrading as soon as possible, not just to "reap the benefits" but to secure the server and data against possible attacks.