Juniper Networks

Signature Detail


  • Short Name: APP:IBM:LOTUS-NOTES-HTML-OF
  • Severity: High
  • Recommended: No
  • Category: APP
  • Keywords: IBM Lotus Notes HTML Message Handling Buffer Overflow
  • Release Date: 2011/07/21
  • Update Number: 1959
  • Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: IBM Lotus Notes HTML Message Handling Buffer Overflow


This signature detects attempts to exploit a known vulnerability in IBM Lotus Notes. The vulnerability results from insufficient boundary checking while parsing HTML-formatted email. A remote attacker can exploit it by persuading the target user to perform certain operations on a crafted email message, potentially causing arbitrary code to be injected and executed in the security context of the current user. If code injection is not successful, all instances of the vulnerable IBM Lotus Notes application will terminate.

Extended Description

IBM Lotus Notes is prone to a buffer-overflow vulnerability because the application fails to adequately perform boundary checks on user-supplied data. This issue occurs in the 'nnotes.dll' dynamic-link library. Successfully exploiting this issue could allow attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

Affected Products

  • IBM Lotus Notes 6.5.1
  • IBM Lotus Notes 6.5.3
  • IBM Lotus Notes 7.0.1
  • IBM Lotus Notes 7.0.2

References

  • BugTraq: 26200
  • CVE: CVE-2007-4222

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.