Lotus Notes Attachment Viewer UUE file buffer overflow

Added: 02/21/2006
CVE: CVE-2005-2618
BID: 16576
OSVDB: 23065

Background

Lotus Notes is the client for Lotus Domino servers.

Problem

A buffer overflow in the attachment viewer in the Lotus Notes e-mail client allows command execution when a user opens a specially crafted UUE file.

Resolution

Upgrade to version 6.5.5 or 7.0.1 or higher.

References

<http://secunia.com/secunia_research/2005-36&gt;

Limitations

Exploit works on Lotus Notes 6.5.4. This exploit sends an e-mail to the specified address and requires the user to view the attachment.

Platforms

Windows