Signature Detail

SMTP: IBM Lotus Notes Lotus 1-2-3 Work Sheet File Viewer Buffer Overflow

This signature detects attempts to exploit a known buffer overflow vulnerability in IBM Lotus Notes. It is due to a boundary error within the Lotus 1-2-3 file viewer. A remote attacker can leverage this by enticing a target user to view the maliciously crafted e-mail attachment. In a successful attack, code is injected and executed with the privileges of the currently logged on user. The behavior of the target host is entirely dependent on the intended function of the injected code; however the affected application would most likely stop functioning. In an unsuccessful attack, all instances of the IBM Lotus Notes application terminate.

Extended Description

Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909.

Affected Products

• ibm lotus_notes 5.0
• ibm lotus_notes 6.0
• ibm lotus_notes 6.5
• ibm lotus_notes 7.0
• ibm lotus_notes 8.0

References

• CVE: CVE-2007-6593