Malware Injection in IBM’s Lotus Domino Becomes Easy
According to a recent security advisory from MWR InfoSecurity, the Web Access component of IBM's Lotus Domino has several security holes that could allow attackers to inject malicious software into the affected server or to monitor data by employing cross-site scripting (XSS), as reported by Heise-Online on May 21, 2008.
The researchers at MWR InfoSecurity said that the flaw was detected in the code assigned to handle the Hyper-Text Transfer Protocol (HTTP) header information emanating from a surfer's browser. It was discovered that the "Accept Language" field originated from the HTTP header following a request to be processed in the server. This processed data was then replicated onto a stack buffer of a definite length using the "strcpy" utility.
» SPAMfighter News - 5/30/2008
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!