CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.3%
Added: 06/06/2008
CVE: CVE-2007-5405
BID: 28454
OSVDB: 44194
Lotus Notes is the client for Lotus Domino servers. Lotus Notes uses the Autonomy KeyView library to display Applix Graphics (**.ag**
) attachments.
A buffer overflow vulnerability when parsing the initial BEGIN tag in an Applix Graphics file allows command execution when a user opens a specially crafted attachment.
Apply the fix referenced in the IBM Technote.
<http://secunia.com/secunia_research/2007-96/advisory/>
Exploit works on Lotus Notes 8.0 and requires a user to open an e-mail attachment using the affected software.
Windows