SAINT Corporation
SAINT:057C4C23C839F4187B36BE0D82337435
Nov 21, 2007 - 12:00 a.m.

Lotus Notes TagAttributeListCopy buffer overflow

Source: download.saintcorporation.com

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.846 High
EPSS Percentile: 98.2%

Added: 11/21/2007
CVE: CVE-2007-4222
BID: 26200
OSVDB: 40949

Background

Lotus Notes is the client for Lotus Domino servers.

Problem

A buffer overflow in the **TagAttributeListCopy** function in **nnotes.dll** could allow command execution when a user receives a specially crafted e-mail message and forwards it, replies to it, or copies it to the clipboard.

Resolution

Upgrade to Lotus Notes 7.0.3 or 8.0 or higher.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=604>

Limitations

Exploit works on Lotus Notes 7.0.2 and requires a user to open the e-mail message and reply to it with history, forward it, or copy it to the clipboard. A mail server address and a comma- or space-separated list of recipient addresses must be specified.

Since the payload resides in the e-mail message itself, customizable e-mail templates are not available with this exploit.

Since this exploit uses e-mail rather than an HTTP listener to serve the payload, the exploit cannot record unsuccessful exploitation attempts.

Platforms

Windows 2000
Windows XP
