IBM iNotes ActiveX Control Vulnerability

November 8, 2013

IBM iNotes (formerly IBM Lotus iNotes) is a web-based version of the IBM Notes client; it provides browser access to IBM Notes email, calendar and contacts. IBM iNotes includes an ActiveX component (DWA9W) which enables enhanced attachment functions.

An integer overflow vulnerability exists in IBM iNotes; the vulnerability is due to exposure of an unsafe property in the DWA9W ActiveX control. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted webpage using Internet Explorer. Successful exploitation could lead to arbitrary code execution in the security context of the logged-in user. Failed attacks could lead to termination of the browser.

The vulnerability has been assigned CVE-2013-3027.

Dell SonicWALL has released an IPS signature to detect and block specific exploitation attempts targeting this vulnerability. The signature is listed below:

  • 7598 IBM iNotes DWA9W ActiveX Instantiation
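As an added illustration of what an instantiation signature like the one listed above looks for (example code written for this page, not Dell SonicWALL's signature or IBM's code), the Python below scans page source for static `<object>` tags and script `ActiveXObject()` calls that refer to a watched control. The DWA9W control's CLSID and ProgID are not given on this page, so the identifiers in the code are placeholders.

```python
import re
from dataclasses import dataclass

# Assumption: the page does not give the DWA9W control's CLSID or ProgID, so
# the values below are PLACEHOLDERS; substitute the identifiers from the
# vendor advisory before using this check.
WATCHED_CLSIDS = {"11111111-2222-3333-4444-555555555555"}   # placeholder
WATCHED_PROGIDS = {"vendor.dwa9w.placeholder"}               # placeholder

# <object ... classid="clsid:XXXXXXXX-...">  (static instantiation)
OBJECT_RE = re.compile(
    r'<object\b[^>]*\bclassid\s*=\s*["\']?\s*clsid:\{?([0-9a-f-]{36})',
    re.IGNORECASE,
)
# new ActiveXObject("ProgID")  (script-driven instantiation)
AXO_RE = re.compile(r'\bActiveXObject\s*\(\s*["\']([^"\']+)["\']', re.IGNORECASE)

@dataclass
class Hit:
    line_no: int
    how: str      # "object-tag" or "ActiveXObject"
    ident: str    # matched CLSID or ProgID, lower-cased

def scan_html(html: str) -> list[Hit]:
    """Return every instantiation of a watched control, one Hit per match."""
    hits: list[Hit] = []
    for n, line in enumerate(html.splitlines(), start=1):
        for m in OBJECT_RE.finditer(line):
            clsid = m.group(1).lower()
            if clsid in WATCHED_CLSIDS:
                hits.append(Hit(n, "object-tag", clsid))
        for m in AXO_RE.finditer(line):
            progid = m.group(1).lower()
            if progid in WATCHED_PROGIDS:
                hits.append(Hit(n, "ActiveXObject", progid))
    return hits

# Constructed sample page: one benign object tag, one watched object tag,
# one watched script instantiation.
SAMPLE_HTML = """<html><body>
<object classid="clsid:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"></object>
<object id="dwa" classid="clsid:11111111-2222-3333-4444-555555555555"></object>
<script>var o = new ActiveXObject("Vendor.DWA9W.Placeholder");</script>
</body></html>"""

if __name__ == "__main__":
    for h in scan_html(SAMPLE_HTML):
        print(f"line {h.line_no}: {h.how} -> {h.ident}")
```

A regex pass over page source is a triage aid only: script that assembles the ProgID at runtime will not match it, which is why inline traffic inspection such as the IPS signature above is the primary control.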