CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.6%
Added: 06/30/2011
CVE: CVE-2011-1213
BID: 48018
OSVDB: 72706
Lotus Notes is the client for Lotus Domino servers.
IBM Lotus Notes File Viewer is vulnerable to remote code execution as a result of a stack buffer overflow while parsing headers of **LZH**
files. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted file to the target user and enticing them to view it with the affected software.
Apply patches as described in IBM Bulletin 1500034.
<http://secunia.com/advisories/44624/>
Exploit works on IBM Lotus Notes 8.5 and requires a user to view the **LZH**
attachment. A valid e-mail account must exist on the mail server and in Lotus Notes.
Windows