IBM Lotus Quickr 'qp2.cab' ActiveX Control Stack Buffer Overflow Vulnerability
BID:53678
Info
| Bugtraq ID: | 53678 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2012-2176 |
| Remote: | Yes |
| Local: | No |
| Published: | May 24 2012 12:00AM |
| Updated: | Dec 31 2012 06:10AM |
| Credit: | anonymous via ZDI |
| Vulnerable: | IBM Lotus Quickr 8.2 |
| Not Vulnerable: | |
Discussion
IBM Lotus Quickr is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds check user-supplied input.
Attackers can exploit this issue to execute arbitrary code within the context of an application (typically Internet Explorer) that uses the ActiveX control. Failed exploit attempts will result in a denial-of-service condition.
IBM Lotus Quickr 8.2 is vulnerable; other versions may also be affected.
Exploit / POC
The following Metasploit exploit code is available:
Solution / Fix
Solution:
Updates are available; please see the references for more information.
References
References: