Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:1966633CB64640225F03A927FCCF5455
HistoryJun 30, 2011 - 12:00 a.m.

IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow

2011-06-3000:00:00
SAINT Corporation
download.saintcorporation.com
17

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.86

Percentile

98.6%

JSON

Added: 06/30/2011
CVE: CVE-2011-1213
BID: 48018
OSVDB: 72706

Background

Lotus Notes is the client for Lotus Domino servers.

Problem

IBM Lotus Notes File Viewer is vulnerable to remote code execution as a result of a stack buffer overflow while parsing headers of **LZH** files. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted file to the target user and enticing them to view it with the affected software.

Resolution

Apply patches as described in IBM Bulletin 1500034.

References

<http://secunia.com/advisories/44624/&gt;

Limitations

Exploit works on IBM Lotus Notes 8.5 and requires a user to view the **LZH** attachment. A valid e-mail account must exist on the mail server and in Lotus Notes.

Platforms

Windows

Related

checkpoint_advisories 1
packetstorm 1
metasploit 2
cve 1
saint 3
seebug 1
exploitdb 1
prion 1
cvelist 1
zdt 1
nvd 1
kaspersky 1
openvas 2
nessus 2
symantec 1
checkpoint_advisories
checkpoint_advisories
IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow (CVE-2011-1213)
2011-11-15 00:00:00
packetstorm
packetstorm
Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview
2011-06-25 00:00:00
metasploit
metasploit
Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview (.lzh Attachment)
2011-06-23 15:43:54
Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview (.lzh Attachment)
2011-06-23 09:51:16
cve
cve
CVE-2011-1213
2011-05-31 20:55:01
saint
saint
IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow
2011-06-30 00:00:00
IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow
2011-06-30 00:00:00
IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow
2011-06-30 00:00:00
seebug
seebug
Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview (.lzh attachment)
2011-06-25 00:00:00
exploitdb
exploitdb
Lotus Notes 8.0.x &lt; 8.5.2 FP2 - Autonomy Keyview (&#039;.lzh&#039; Attachment) (Metasploit)
2011-06-23 00:00:00
prion
prion
Integer overflow
2011-05-31 20:55:00
cvelist
cvelist
CVE-2011-1213
2011-05-31 20:00:00
zdt
zdt
Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview (.lzh attachment)
2011-06-23 00:00:00
nvd
nvd
CVE-2011-1213
2011-05-31 20:55:01
kaspersky
kaspersky
KLA10202 ACE vulnerabilities in IBM Lotus Notes
2011-05-31 00:00:00
openvas
openvas
IBM Lotus Notes File Viewers Multiple BOF Vulnerabilities (Windows)
2011-06-07 00:00:00
IBM Lotus Notes File Viewers Multiple BOF Vulnerabilities - Windows
2011-06-07 00:00:00
nessus
nessus
IBM Lotus Notes Attachment Handling Multiple Buffer Overflows
2011-05-31 00:00:00
Symantec Mail Security Autonomy Verity Keyview Filter Vulnerabilities (SYM11-013)
2011-10-28 00:00:00
symantec
symantec
Multi-Vendor Autonomy Verity Keyview Filter Multiple Issues
2011-10-06 08:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.86

Percentile

98.6%

JSON
Related for SAINT:1966633CB64640225F03A927FCCF5455
checkpoint_advisories1packetstorm1metasploit2cve1saint3seebug1exploitdb1prion1cvelist1zdt1nvd1kaspersky1openvas2nessus2symantec1