Lotus Notes Applix Graphics viewer BEGIN tag buffer overflow

2008-06-06T00:00:00
ID SAINT:C17495B95A9FCCE21BD8257116554AD2
Type saint
Reporter SAINT Corporation
Modified 2008-06-06T00:00:00

Description

Added: 06/06/2008
CVE: CVE-2007-5405
BID: 28454
OSVDB: 44194

Background

Lotus Notes is the client for Lotus Domino servers. Lotus Notes uses the Autonomy KeyView library to display Applix Graphics (**.ag**) attachments.

Problem

A buffer overflow vulnerability when parsing the initial BEGIN tag in an Applix Graphics file allows command execution when a user opens a specially crafted attachment.

Resolution

Apply the fix referenced in the IBM Technote.

References

<http://secunia.com/secunia_research/2007-96/advisory/>

Limitations

Exploit works on Lotus Notes 8.0 and requires a user to open an e-mail attachment using the affected software.

Platforms

Windows