CVE-2010-0919

Name of the Vulnerable Software and Affected Versions IBM Lotus iNotes versions 6.5, 7.0 through 7.0.3, 8.0, 8.0.2 through 229.280

Description The issue is a stack-based buffer overflow in the Lotus Domino Web Access ActiveX control. This allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method.

Recommendations For versions 6.5, 7.0 through 7.0.3, and 8.0, update to version 7.0.4 or later. For version 8.0.2, update to 229.281 or later for Domino 8.0.2 FP4. As a temporary workaround, consider restricting access to the ActiveX control until a patch is available.