V-211: IBM iNotes Multiple Vulnerabilities

August 5, 2013 - 6:00am

PROBLEM:

Multiple vulnerabilities have been reported in IBM Lotus iNotes.

PLATFORM:

IBM iNotes 9.x

ABSTRACT:

IBM iNotes has two cross-site scripting vulnerabilities and an ActiveX integer overflow vulnerability.

REFERENCE LINKS:

Secunia Advisory SA54436
IBM Security Bulletin 1645503
CVE-2013-3027
CVE-2013-3032
CVE-2013-3990

IMPACT ASSESSMENT:

High

DISCUSSION:

1) Certain input related to MIME mail is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

2) An integer overflow error within the DWA9W ActiveX control can be exploited to execute arbitrary code.

IMPACT:

Cross Site Scripting
System Access

SOLUTION:

The vendor recommends updating to Interim Fix 3.
