Signature Detail

HTTP: IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow

This signature detects attempts to exploit a known code execution vulnerability in IBM Lotus Notes File Viewer. Its due to a stack buffer overflow while parsing headers of LZH files. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.

Extended Description

Autonomy KeyView Filter is prone to a buffer-overflow vulnerability because of a failure to properly bounds check user-supplied input. An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious file or email attachment. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously discussed in BID 47962 (IBM Lotus Notes Attachment Handling Multiple Buffer Overflow Vulnerabilities) but has been given its own record to better document it.

Affected Products

• Autonomy Keyview Export SDK 10
• Autonomy Keyview Export SDK 10.10
• Autonomy Keyview Export SDK 10.12
• Autonomy Keyview Export SDK 10.3.0
• Autonomy Keyview Export SDK 10.4.0
• Autonomy Keyview Export SDK 10.5
• Autonomy Keyview Export SDK 10.8
• Autonomy Keyview Export SDK 10.9
• Autonomy Keyview Export SDK 9.2
• Autonomy Keyview Filter SDK 10
• Autonomy Keyview Filter SDK 10.10
• Autonomy Keyview Filter SDK 10.11
• Autonomy Keyview Filter SDK 10.12
• Autonomy Keyview Filter SDK 10.3.0
• Autonomy Keyview Filter SDK 10.4.0
• Autonomy Keyview Filter SDK 10.5
• Autonomy Keyview Filter SDK 10.8
• Autonomy Keyview Filter SDK 10.9.0
• Autonomy Keyview Filter SDK 9.2
• Autonomy Keyview IDOL 10
• Autonomy Keyview Viewer SDK 10
• Autonomy Keyview Viewer SDK 10.10
• Autonomy Keyview Viewer SDK 10.11
• Autonomy Keyview Viewer SDK 10.12
• Autonomy Keyview Viewer SDK 10.3.0
• Autonomy Keyview Viewer SDK 10.4.0
• Autonomy Keyview Viewer SDK 10.5
• Autonomy Keyview Viewer SDK 10.8
• Autonomy Keyview Viewer SDK 10.9
• Autonomy Keyview Viewer SDK 9.2
• IBM Lotus Notes 6.5.0
• IBM Lotus Notes 6.5.1
• IBM Lotus Notes 6.5.2
• IBM Lotus Notes 6.5.2 FP1
• IBM Lotus Notes 6.5.3
• IBM Lotus Notes 6.5.4
• IBM Lotus Notes 6.5.5
• IBM Lotus Notes 6.5.5 FP2
• IBM Lotus Notes 6.5.5 FP3
• IBM Lotus Notes 6.5.6
• IBM Lotus Notes 6.5.6 FP2
• IBM Lotus Notes 7.0
• IBM Lotus Notes 7.0
• IBM Lotus Notes 7.0.1
• IBM Lotus Notes 7.0.2
• IBM Lotus Notes 7.0.2 FP1
• IBM Lotus Notes 7.0.2 FP2
• IBM Lotus Notes 7.0.3
• IBM Lotus Notes 8.0
• IBM Lotus Notes 8.0.1
• IBM Lotus Notes 8.5
• IBM Lotus Notes 8.5.1
• IBM Lotus Notes 8.5.2
• Symantec Brightmail and Messaging Gateway 9.5
• Symantec Brightmail Gateway 8.0
• Symantec Brightmail Gateway 8.0.1
• Symantec Brightmail Gateway 8.0.2
• Symantec Brightmail Gateway 9.0
• Symantec Brightmail Gateway 9.0.2
• Symantec Brightmail Gateway 9.5
• Symantec Data Loss Prevention Agent Server 10.0
• Symantec Data Loss Prevention Detection Servers for Linux 10.0
• Symantec Data Loss Prevention Detection Servers for Linux 10.0.1010 .18007
• Symantec Data Loss Prevention Detection Servers for Linux 10.5
• Symantec Data Loss Prevention Detection Servers for Linux 10.5.1
• Symantec Data Loss Prevention Detection Servers for Linux 10.5.3
• Symantec Data Loss Prevention Detection Servers for Linux 11.0
• Symantec Data Loss Prevention Detection Servers for Linux 11.1
• Symantec Data Loss Prevention Detection Servers for Windows 10.0
• Symantec Data Loss Prevention Detection Servers for Windows 10.0.1010 .18007
• Symantec Data Loss Prevention Detection Servers for Windows 10.5
• Symantec Data Loss Prevention Detection Servers for Windows 10.5.1
• Symantec Data Loss Prevention Detection Servers for Windows 10.5.3
• Symantec Data Loss Prevention Detection Servers for Windows 11.0
• Symantec Data Loss Prevention Detection Servers for Windows 11.1
• Symantec Data Loss Prevention Endpoint Agents 10.0
• Symantec Data Loss Prevention Endpoint Agents 10.0.1010 .18007
• Symantec Data Loss Prevention Endpoint Agents 10.5
• Symantec Data Loss Prevention Endpoint Agents 10.5.1
• Symantec Data Loss Prevention Endpoint Agents 10.5.3
• Symantec Data Loss Prevention Endpoint Agents 11.0
• Symantec Data Loss Prevention Endpoint Agents 11.1
• Symantec Mail Security for Domino 7.5
• Symantec Mail Security for Domino 7.5.0.19
• Symantec Mail Security for Domino 7.5.10
• Symantec Mail Security for Domino 7.5.11
• Symantec Mail Security for Domino 7.5.3 25
• Symantec Mail Security for Domino 7.5.3.25
• Symantec Mail Security for Domino 7.5.4.29
• Symantec Mail Security for Domino 7.5.5.32
• Symantec Mail Security for Domino 7.5.6
• Symantec Mail Security for Domino 7.5.7
• Symantec Mail Security for Domino 7.5.8
• Symantec Mail Security for Domino 7.5.9
• Symantec Mail Security for Domino 8.0
• Symantec Mail Security for Domino 8.0.1
• Symantec Mail Security for Domino 8.0.2
• Symantec Mail Security for Domino 8.0.3
• Symantec Mail Security for Domino 8.0.6
• Symantec Mail Security for Domino 8.0.8
• Symantec Mail Security for Microsoft Exchange 6.0.0
• Symantec Mail Security for Microsoft Exchange 6.0.0
• Symantec Mail Security for Microsoft Exchange 6.0.0.1
• Symantec Mail Security for Microsoft Exchange 6.0.10
• Symantec Mail Security for Microsoft Exchange 6.0.11
• Symantec Mail Security for Microsoft Exchange 6.0.12
• Symantec Mail Security for Microsoft Exchange 6.0.5
• Symantec Mail Security for Microsoft Exchange 6.0.6
• Symantec Mail Security for Microsoft Exchange 6.0.7
• Symantec Mail Security for Microsoft Exchange 6.0.8
• Symantec Mail Security for Microsoft Exchange 6.0.9
• Symantec Mail Security for Microsoft Exchange 6.5.0
• Symantec Mail Security for Microsoft Exchange 6.5.1
• Symantec Mail Security for Microsoft Exchange 6.5.5
• Symantec Message Gateway 9.5
• Symantec Messaging Gateway 9.5

References

• BugTraq: 48018
• CVE: CVE-2011-1213
• URL: http://www.ibm.com/support/docview.wss?uid=swg21500034