CVE-2011-3575

Name of the Vulnerable Software and Affected Versions IBM Lotus Domino version 8.5.2

Description The issue is related to a stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll. This allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an "fmHttpPostRequest OpenForm action" to "WebAdmin.nsf".

Recommendations For IBM Lotus Domino version 8.5.2, consider restricting access to the NSFComputeEvaluateExt function in Nnotes.dll to minimize the risk of exploitation. Avoid using long tHPRAgentName parameters in fmHttpPostRequest OpenForm actions to WebAdmin.nsf until the issue is resolved.