Lotus iNotes contains a buffer overflow that could permit a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable server.
Lotus iNotes Web Access is a web-based database application that provides "access to corporate messaging services and personal information through a Web browser." NGSSoftware has researched and reported a buffer overflow vulnerability in iNotes that can be triggered via a specially crafted s_ViewName value of the PresetFields parameter. For further information, see NGSSoftware Insight Security Research Advisory #NISR17022003b.
A remote attacker could execute arbitrary code with the privileges of the Domino server process or cause a denial of service.
This vulnerability was reported by Mark Litchfield of NGSSoftware.
This document was written by Art Manion.