Lotus Notes Lotus 1-2-3 file viewer buffer overflow

Added: 12/07/2007
CVE: CVE-2007-6593
BID: 26604
OSVDB: 40796

Background

Lotus Notes is the client for Lotus Domino servers. Lotus Notes uses the Autonomy KeyView library to process files in the Lotus Worksheet File format (WKS) used by Lotus 1-2-3.

Problem

A buffer overflow vulnerability in the Autonomy KeyView library allows command execution when a user views a specially crafted worksheet attachment in Lotus Notes.

Resolution

Contact IBM support for a patch or apply one of the workarounds described in the IBM Technote.

References

http://archives.neohapsis.com/archives/fulldisclosure/2007-11/0540.html

Limitations

Exploit works on Lotus Notes 7.0.2 and requires a user to view the e-mail attachment.

Platforms

Windows 2000
Windows XP

Back to exploit index