Lotus Notes WPD attachment viewer buffer overflow

2008-01-03T00:00:00
ID SAINT:D93708C75CAF154112A9881AA1DC93F1
Type saint
Reporter SAINT Corporation
Modified 2008-01-03T00:00:00

Description

Added: 01/03/2008
CVE: CVE-2007-5910
BID: 26175
OSVDB: 40783

Background

Lotus Notes is the client for Lotus Domino servers.

Problem

A buffer overflow in the KeyView Viewer included in Lotus Notes allows command execution when a user views a specially crafted WordPerfect (WPD) attachment.

Resolution

Upgrade to Lotus Notes 7.0.3 or higher.

References

http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21271111

Limitations

Exploit works on Lotus Notes 7.0.2 and requires a user to view the WPD attachment.

Platforms

Windows