Added: 06/30/2011
CVE: CVE-2011-1213
BID: 48018
OSVDB: 72706
Lotus Notes is the client for Lotus Domino servers.
IBM Lotus Notes File Viewer is vulnerable to remote code execution as a result of a stack buffer overflow while parsing headers of **LZH**
files. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted file to the target user and enticing them to view it with the affected software.
Apply patches as described in IBM Bulletin 1500034.
<http://secunia.com/advisories/44624/>
Exploit works on IBM Lotus Notes 8.5 and requires a user to view the **LZH**
attachment. A valid e-mail account must exist on the mail server and in Lotus Notes.
Windows