IBM Lotus SameTime STJNILoader.OCX ActiveX Control LoadLibrary Input Validation Vulnerability

Bugtraq ID:	23201
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 29 2007 12:00AM
Updated:	Mar 29 2007 11:03PM
Credit:	Andrew Christensen of FortConsult ApS is credited with the discovery of this issue.
Vulnerable:	IBM Lotus Sametime STJNILoader.ocx 3.1 .26 IBM Lotus Sametime 7.0
Not Vulnerable:	IBM Lotus Sametime 7.5

IBM Lotus SameTime STJNILoader.OCX ActiveX Control LoadLibrary Input Validation Vulnerability

IBM Lotus Sametime STJNILoader.ocx ActiveX control is vulnerable to an input-validation vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the application using the control. A successful attack will result in the compromise of the application.

This issue affects STJNILoader 3.1.0.26 and Sametime 7.0; other versions may also be affected.

IBM Lotus SameTime STJNILoader.OCX ActiveX Control LoadLibrary Input Validation Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

IBM Lotus SameTime STJNILoader.OCX ActiveX Control LoadLibrary Input Validation Vulnerability

Solution:
This issue has been addressed in version 7.5. Please see the references for more information.

IBM Lotus SameTime STJNILoader.OCX ActiveX Control LoadLibrary Input Validation Vulnerability

References:

• IBM Lotus Sametime Product Page (IBM)
  
• iDefense Security Advisory 03.29.07: IBM Lotus Sametime JNILoader Arbitrary DLL (iDefense Labs)
  
• IBM Lotus Sametime JNILoader Arbitrary DLL Load Vulnerability (iDefense Labs)
  
• IBM Lotus Sametime JNILoader Vulnerability (IBM)