SAINT Corporation
SAINT:2004BB48A798D60339B13B2CEE3A6369
Dec 07, 2007 - 12:00 a.m.

Lotus Notes Lotus 1-2-3 file viewer buffer overflow

2007-12-07 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 8.8 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: NONE
AV:N/AC:M/Au:N/C:C/I:C/A:N

EPSS: 0.071 Low
Percentile: 94.0%

Added: 12/07/2007
CVE: CVE-2007-6593
BID: 26604
OSVDB: 40796

Background

Lotus Notes is the client for Lotus Domino servers. Lotus Notes uses the Autonomy KeyView library to process files in the Lotus Worksheet File format (WKS) used by Lotus 1-2-3.

Problem

A buffer overflow vulnerability in the Autonomy KeyView library allows command execution when a user views a specially crafted worksheet attachment in Lotus Notes.

Resolution

Contact IBM support for a patch or apply one of the workarounds described in the IBM Technote.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2007-11/0540.html>

Limitations

Exploit works on Lotus Notes 7.0.2 and requires a user to view the e-mail attachment.

Platforms

Windows 2000
Windows XP
