Lotus Notes HTML Speed Reader URL buffer overflow

2006-02-17T00:00:00
ID SAINT:9A6EBC547477001F591617B11CF4E48F
Type saint
Reporter SAINT Corporation
Modified 2006-02-17T00:00:00

Description

Added: 02/17/2006
CVE: CVE-2005-2618
BID: 16576
OSVDB: 23068

Background

Lotus Notes is the client for Lotus Domino servers.

Problem

A buffer overflow in the HTML Speed Reader component of the Lotus Notes e-mail client allows command execution via a specially crafted e-mail message containing a link with a long URL.

Resolution

Upgrade to Lotus Notes version 6.5.5, 7.0.1, or higher.

References

<http://secunia.com/secunia_research/2005-32/>

Limitations

The exploit works on Lotus Notes 6.5.4. It sends an e-mail to the specified address and requires the user to follow the ClickOnMe link.

Platforms

Windows