[vuln.sg] IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [vuln.sg] IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities
From: vulnpost-remove@xxxxxxx
Date: 23 Oct 2007 14:38:21 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

[vuln.sg] Vulnerability Research Advisory

IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities

by Tan Chew Keong
Release Date: 2007-10-23

Summary
-------
Multiple exploitable buffer overflow vulnerabilities were found within the file 
attachment viewer in IBM Lotus Notes. The vulnerabilities can be exploited to 
execute arbitrary code by tricking the user to view a malicious DOC, SAM, WPD, 
or MIF file attachment using the file attachment viewer in Lotus Notes.

Tested Versions
---------------
Lotus Notes 7.0.2 (Trial)

Details
-------
http://vuln.sg/lotusnotes702-en.html
http://vuln.sg/lotusnotes702-jp.html

Vendor's Technote
-----------------
http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21271111

Prev by Date: Airscanner Mobile Security Advisory #07101401: Mobile-spy Victim/User Phone/SMS/URL Log Spoofing and Persistent XSS Injection
Next by Date: SYMSA-2007-012: Microsoft Windows CE IGMP Denial of Service
Previous by thread: Airscanner Mobile Security Advisory #07101401: Mobile-spy Victim/User Phone/SMS/URL Log Spoofing and Persistent XSS Injection
Next by thread: SYMSA-2007-012: Microsoft Windows CE IGMP Denial of Service
Index(es):
- Date
- Thread