IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities

2007.11.11

Credit: Tan Chew Keong

Risk: High

Local: Yes

Remote: Yes

CVE: CVE-2007-5909 | CVE-2007-5910

CWE: N/A

[vuln.sg] Vulnerability Research Advisory
IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities
by Tan Chew Keong
Release Date: 2007-10-23
Summary
-------
Multiple exploitable buffer overflow vulnerabilities were found within the file attachment viewer in IBM Lotus Notes. The vulnerabilities can be exploited to execute arbitrary code by tricking the user to view a malicious DOC, SAM, WPD, or MIF file attachment using the file attachment viewer in Lotus Notes.
Tested Versions
---------------
Lotus Notes 7.0.2 (Trial)
Details
-------
http://vuln.sg/lotusnotes702-en.html
http://vuln.sg/lotusnotes702-jp.html
Vendor's Technote
-----------------
http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21271111

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.