SMTP: IBM Lotus Notes Lotus 1-2-3 Work Sheet File Viewer Buffer Overflow
This signature detects attempts to exploit a known buffer overflow vulnerability in IBM Lotus Notes. It is due to a boundary error within the Lotus 1-2-3 file viewer. A remote attacker can leverage this by enticing a target user to view the maliciously crafted e-mail attachment. In a successful attack, code is injected and executed with the privileges of the currently logged on user. The behavior of the target host is entirely dependent on the intended function of the injected code; however the affected application would most likely stop functioning. In an unsuccessful attack, all instances of the IBM Lotus Notes application terminate.
Extended Description
Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909.
Affected Products
Ibm lotus_notes
References
CVE: CVE-2007-6593
Short Name
SMTP:MAL:LOTUS-VIEWER
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SMTP
Keywords
1-2-3 Buffer CVE-2007-6593 File IBM Lotus Notes Overflow Sheet Viewer Work
Release Date
10/20/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Ibm
CVSS Score
8.8