HTTP: IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow
This signature detects attempts to exploit a known code execution vulnerability in IBM Lotus Notes File Viewer. Its due to a stack buffer overflow while parsing headers of LZH files. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.
Extended Description
Autonomy KeyView Filter is prone to a buffer-overflow vulnerability because of a failure to properly bounds check user-supplied input. An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious file or email attachment. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously discussed in BID 47962 (IBM Lotus Notes Attachment Handling Multiple Buffer Overflow Vulnerabilities) but has been given its own record to better document it.
Affected Products
Symantec mail_security_for_microsoft_exchange
Short Name
HTTP:STC:DL:LOTUS-LZH-BOF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Attachment Buffer CVE-2011-1213 IBM LZH Lotus Notes Overflow Stack Viewer bid:48018
Release Date
11/21/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Autonomy
Symantec
Ibm
CVSS Score
9.3