Lotus Notes URL Handler Filtering Flaw Lets Remote Users Execute Arbitrary Scripting Code
|
SecurityTracker Alert ID: 1010567 |
SecurityTracker URL: http://securitytracker.com/id/1010567
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jun 22 2004
|
Impact:
Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 6.x prior to 6.0.4; 6.5.x prior to 6.5.2
|
Description:
An input validation vulnerability was reported in IBM's Lotus Notes. A remote user can conduct cross-site scripting attacks.
IBM reported that the Notes URL handler does not properly filter user-supplied input when a target user clicks on a Notes URL. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site containing the malicious URL and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
The report indicates that if the use of Internet shares is restricted via firewall configuration or registry settings, then this flaw is not exploitable.
The report also says that if the Notes client is already running on the target user's workstation, then the flaw is not exploitable.
Jouko Pynnonen and iDEFENSE are credited with reporting this flaw to IBM.
|
Impact:
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site hosting the malicious URL, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
|
Solution:
IBM has issued fixed versions of Domino (6.0.4 and 6.5.2).
|
Vendor URL: www.ibm.com/support/docview.wss?rs=463&uid=swg21169510 (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Subject: http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21169510
|
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21169510
> Lotus Notes URL Handler Argument Injection Vulnerability
> Jouko Pynnonen, in association with iDEFENSE, reported a vulnerability in the Lotus
> Notes client that may allow an attacker to execute malicious code on the user's
> workstation under certain circumstances.
> The Notes URL handler fails to properly filter input when a web browser activates the
> Notes client by clicking on a Notes URL.
IBM has issued fixed versions of Domino (6.0.4 and 6.5.2).
The report indicates that if the use of Internet shares is restricted via firewall
configuration or registry settings, then this flaw is not exploitable.
The report also says that if the Notes client is already running on the target user's
workstation, then the flaw is not exploitable.
----
> Operating system(s):
> Windows
> Software version:
> 6.5.x, 6.0.x
> Reference #:
> 1169510
> Modified date:
> 2004-06-22
|
|