Summary
This host has IBM Lotus Notes installed and is prone to multiple buffer overflow vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code in the context of the user running the application.
Impact Level: Application
Solution
Upgrade to IBM Lotus Notes 8.5.2 FP3
For updates refer to http://www.ibm.com/software/lotus/products/notes/
Insight
The flaws are due to:
- An error within 'xlssr.dll' when parsing a Binary File Format (BIFF) record in an Excel spreadsheet.
- An integer underflow error within 'lzhsr.dll' when parsing header information in a LZH archive file.
- A boundary error within 'rtfsr.dll' when parsing hyperlink information in a Rich Text Format (RTF) document.
- A boundary error within 'mw8sr.dll' when parsing hyperlink information in a Microsoft Office Document (DOC) file.
- A boundary error within 'assr.dll' when parsing tag information in an Applix Spreadsheet.
- An unspecified error within 'kpprzrdr.dll' when parsing Lotus Notes .prz file format.
- An unspecified error within 'kvarcve.dll' when parsing Lotus Notes .zip file format.
Affected
IBM Lotus Notes Version 8.5.2 FP2 and prior on windows
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2011-1213, CVE-2011-1214, CVE-2011-1215, CVE-2011-1216, CVE-2011-1217, CVE-2011-1218, CVE-2011-1512 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Active Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows)
- Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Mac OS X)
- Adobe Photoshop Multiple Buffer Overflow Vulnerabilities
- Buffer overflow in Apple Quicktime Player
- Apple iTunes '.pls' Files Buffer Overflow Vulnerability