IBM Lotus Quickr 8.2 qp2.cab ActiveX Control Buffer Overflow Vulnerability
08 January 2013
Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 220.127.116.11-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method.
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
The existence of a botnet comprising of tens of thousands of compromised routers and other IoT devices is not news. Nevertheless, this latest one is special, as it seems that its herder does not have malicious intentions.