SAINT Corporation SAINT:2459192DC69F14F6BDE9AC6497E6A537
Nov 21, 2007 - 12:00 a.m.

Lotus Notes TagAttributeListCopy buffer overflow

2007-11-21 00:00:00
SAINT Corporation
www.saintcorporation.com
10

EPSS: 0.846 High
Percentile: 98.2%

Added: 11/21/2007
CVE: CVE-2007-4222
BID: 26200
OSVDB: 40949

Background

Lotus Notes is the client for Lotus Domino servers.

Problem

A buffer overflow in the **TagAttributeListCopy** function in **nnotes.dll** could allow command execution when a user receives a specially crafted e-mail message and forwards it, replies to it, or copies it to the clipboard.

Resolution

Upgrade to Lotus Notes 7.0.3 or 8.0 or higher.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=604>

Limitations

Exploit works on Lotus Notes 7.0.2 and requires a user to open the e-mail message and reply to it with history, forward it, or copy it to the clipboard. A mail server address and a comma- or space-separated list of recipient addresses must be specified.

Since the payload resides in the e-mail message itself, customizable e-mail templates are not available with this exploit.

Since this exploit uses e-mail rather than an HTTP listener to serve the payload, the exploit cannot record unsuccessful exploitation attempts.

Platforms

Windows 2000
Windows XP
