CVE-2012-2176 – IBM Lotus Quickr QP2 ActiveX _Times Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-2176
Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Quickr. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the QP2.cab ActiveX control. When passing a long string argument to the Attachment_Times or Import_Times parameters during the control's instantiation, it is possible to overflow a stack buffer, causing memory corruption.

• https://www.exploit-db.com/exploits/23737
• http://www.ibm.com/support/docview.wss?uid=swg21596191
• http://www.securityfocus.com/bid/53678
• http://www.securitytracker.com/id?1027097
• https://exchange.xforce.ibmcloud.com/vulnerabilities/75322

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer