SAINT CorporationSAINT:3CE6827A21B435E04817D4FCA0C8D47CLotus Notes Lotus 1-2-3 file viewer buffer overflow
8.8 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:C/I:C/A:N
0.071 Low
EPSS
Percentile
94.0%
Added: 12/07/2007
CVE: CVE-2007-6593
BID: 26604
OSVDB: 40796
Background
Lotus Notes is the client for Lotus Domino servers. Lotus Notes uses the Autonomy KeyView library to process files in the Lotus Worksheet File format (WKS) used by Lotus 1-2-3.
Problem
A buffer overflow vulnerability in the Autonomy KeyView library allows command execution when a user views a specially crafted worksheet attachment in Lotus Notes.
Resolution
Contact IBM support for a patch or apply one of the workarounds described in the IBM Technote.
References
<http://archives.neohapsis.com/archives/fulldisclosure/2007-11/0540.html>
Limitations
Exploit works on Lotus Notes 7.0.2 and requires a user to view the e-mail attachment.
Platforms
Windows 2000
Windows XP
Related
8.8 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:C/I:C/A:N
0.071 Low
EPSS
Percentile
94.0%