CVE-2012-2175

Name of the Vulnerable Software and Affected Versions IBM Lotus iNotes versions prior to 8.5.3 FP2

Description The issue is related to a buffer overflow in the Attachment Times method in a certain ActiveX control in dwa85W.dll. This allows remote attackers to execute arbitrary code via a long argument.

Recommendations For versions prior to 8.5.3 FP2, update to version 8.5.3 FP2 or later to resolve the issue. As a temporary workaround, consider disabling the Attachment Times method in the ActiveX control until a patch is available. Restrict access to the dwa85W.dll module to minimize the risk of exploitation.