vuln.sg  

vuln.sg Vulnerability Research Advisory

IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities

by Tan Chew Keong
Release Date: 2007-10-23


Summary

Multiple exploitable buffer overflow vulnerabilities were found within the file attachment viewer in IBM Lotus Notes. The vulnerabilities can be exploited to execute arbitrary code by tricking the user into viewing a malicious DOC, SAM, WPD, or MIF file attachment using the file attachment viewer in Lotus Notes.


Tested Versions

  • Lotus Notes 7.0.2 (Trial)


Details

This advisory discloses multiple buffer overflow vulnerabilities within the attachment viewer in IBM Lotus Notes. To exploit these vulnerabilities, an attacker must convince the user to view a malicious DOC, SAM, WPD, or MIF file attachment using the file attachment viewer in Lotus Notes.

Details of the vulnerabilities can be found in the following links.


Patch / Workaround

Update to version 7.0.3. See the vendor's technote for more information.


Contact
For further enquiries, comments, suggestions or bug reports, simply email them to