Lotus Quickr for Domino qp2.dll ActiveX Control Unspecified Stack Overflow

High Nessus Plugin ID 72586


The remote host has an ActiveX control installed that is affected by a stack-based buffer overflow vulnerability.


There is an unspecified, stack-based buffer overflow vulnerability in the Lotus Quickr for Domino qp2.dll ActiveX control. By tricking a victim into opening a specially crafted web page, an attacker can leverage this flaw to potentially execute arbitrary code, subject to the user's privileges.


Apply the appropriate fix pack per the vendor's advisory.

See Also



Plugin Details

Severity: High

ID: 72586

File Name: ibm_lotus_quickr_activex2.nasl

Version: $Revision: 1.2 $

Type: local

Agent: windows

Family: Windows

Published: 2014/02/19

Modified: 2014/05/30

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:lotus_quickr_for_domino

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/01/21

Vulnerability Publication Date: 2014/01/23

Reference Information

CVE: CVE-2013-6748, CVE-2013-6749

BID: 65191, 65193

OSVDB: 102597, 102598