Added: 12/07/2007
CVE: CVE-2007-6593
BID: 26604
OSVDB: 40796
Lotus Notes is the client for Lotus Domino servers. Lotus Notes uses the Autonomy KeyView library to process files in the Lotus Worksheet File format (WKS) used by Lotus 1-2-3.
A buffer overflow vulnerability in the Autonomy KeyView library allows command execution when a user views a specially crafted worksheet attachment in Lotus Notes.
Contact IBM support for a patch or apply one of the workarounds described in the IBM Technote.
<http://archives.neohapsis.com/archives/fulldisclosure/2007-11/0540.html>
Exploit works on Lotus Notes 7.0.2 and requires a user to view the e-mail attachment.
Windows 2000
Windows XP