Lotus Notes Lotus 1-2-3 file viewer buffer overflow

2007-12-07T00:00:00
ID SAINT:12BEFCCB8738CF66FA95DAAE72C4BF08
Type saint
Reporter SAINT Corporation
Modified 2007-12-07T00:00:00

Description

Added: 12/07/2007
CVE: CVE-2007-6593
BID: 26604
OSVDB: 40796

Background

Lotus Notes is the client for Lotus Domino servers. Lotus Notes uses the Autonomy KeyView library to process files in the Lotus Worksheet File format (WKS) used by Lotus 1-2-3.

Problem

A buffer overflow vulnerability in the Autonomy KeyView library allows command execution when a user views a specially crafted worksheet attachment in Lotus Notes.

Resolution

Contact IBM support for a patch or apply one of the workarounds described in the IBM Technote.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2007-11/0540.html>

Limitations

Exploit works on Lotus Notes 7.0.2 and requires a user to view the e-mail attachment.

Platforms

Windows 2000
Windows XP