IBM Lotus Notes attachments handle Multiple Buffer Overflow Vulnerabilities

Release date:
Updated on:

Affected Systems:
IBM Lotus Notes 8.x
IBM Lotus Notes 7.x
IBM Lotus Notes 6.x
Autonomy Keyview
Description:
--------------------------------------------------------------------------------
Bugtraq id: 47962
Cve id: CVE-2011-1512

The IBM Lotus Notes software provides users with single-point access, helping them create, query, and share knowledge, collaborate with teams, and take appropriate actions.

IBM Lotus Notes has multiple buffer overflow vulnerabilities in processing attachments. Remote attackers can exploit these vulnerabilities to execute arbitrary code or cause denial of service (DoS) with the current user privilege.

When you view the following types of attachments in Notes, arbitrary code may be executed:

LZH File
RTF document
Applix workbooks
Microsoft Excel document
Microsoft Office documentation
Lotus Notes. prz File
Lotus Notes. zip file

<* Source: Pablo Santamaria
Oren Isacson
Nadia Rodriguez

Link: https://www-304.ibm.com/support/docview.wss? Uid = swg21500034
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

IBM
---
For this reason, IBM has released a Security Bulletin (1500034) and corresponding patches:

1500034: Fixes for potential security vulnerabilities in Lotus Notes file viewers

Link: https://www-304.ibm.com/support/docview.wss? Uid = swg21500034