CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:C/I:C/A:N
EPSS
Percentile
94.1%
Added: 12/07/2007
CVE: CVE-2007-6593
BID: 26604
OSVDB: 40796
Lotus Notes is the client for Lotus Domino servers. Lotus Notes uses the Autonomy KeyView library to process files in the Lotus Worksheet File format (WKS) used by Lotus 1-2-3.
A buffer overflow vulnerability in the Autonomy KeyView library allows command execution when a user views a specially crafted worksheet attachment in Lotus Notes.
Contact IBM support for a patch or apply one of the workarounds described in the IBM Technote.
<http://archives.neohapsis.com/archives/fulldisclosure/2007-11/0540.html>
Exploit works on Lotus Notes 7.0.2 and requires a user to view the e-mail attachment.
Windows 2000
Windows XP