HTTP: IBM iNotes Unsafe ActiveX Control Integer Overflow

This signature detects attempts to use unsafe ActiveX controls in IBM iNotes. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which, if accessed by a victim, allow the attacker to gain control of the victim's client browser.

Extended Description

Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to execute arbitrary code via a crafted web page, aka SPR PTHN97XHFW.

Affected Products

IBM lotus_domino

References

CVE: CVE-2013-3027

Short Name: HTTP:STC:ACTIVEX:IBMINTS-INT-OF
Severity: Major
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: ActiveX CVE-2013-3027 Control IBM Integer Overflow Unsafe iNotes
Release Date: 10/24/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336
False Positive: Unknown
Vendors

IBM

CVSS Score

9.3
