Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

[vuln.sg] IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities

From: TAN Chew Keong <vulnpost-remove () vuln sg>
Date: Tue, 23 Oct 2007 22:37:44 +0800
[vuln.sg] Vulnerability Research Advisory

IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities

by Tan Chew Keong
Release Date: 2007-10-23

Summary
-------
Multiple exploitable buffer overflow vulnerabilities were found within
the file attachment viewer in IBM Lotus Notes. The vulnerabilities can
be exploited to execute arbitrary code by tricking the user to view a
malicious DOC, SAM, WPD, or MIF file attachment using the file
attachment viewer in Lotus Notes.

Tested Versions
---------------
Lotus Notes 7.0.2 (Trial)

Details
-------
http://vuln.sg/lotusnotes702-en.html
http://vuln.sg/lotusnotes702-jp.html

Vendor's Technote
-----------------
http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21271111

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: