Lotus Notes Client < 7.0.3 / 8.0.1 Multiple Overflows

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by several
buffer overflow vulnerabilities.

Description :

The version of Lotus Notes installed on the remote Windows host is
reportedly affected by several buffer overflows in its file attachment
viewer when handling attachments of various types. By sending a
specially crafted attachment to users of the affected application and
getting them to double-click and view the attachment, an attacker may
be able to execute arbitrary code subject to the privileges under
which the affected application runs.

It is also affected by another buffer overflow vulnerability in the
TagAttributeListCopy function in 'nnotes.dll' that could be
triggered when a specially crafted message is replied to, forwarded,
or copied to the clipboard by a user of the application.

See also :

http://www.securityfocus.com/archive/1/482664/30/0/threaded
http://www-1.ibm.com/support/docview.wss?uid=swg21271111
http://www-1.ibm.com/support/docview.wss?uid=swg21272836
http://www.nessus.org/u?c52c5e1e
http://www.securityfocus.com/archive/1/482738
http://www-1.ibm.com/support/docview.wss?uid=swg21272930

Solution :

Upgrade to Lotus Notes version 7.0.3 / 8.0.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 27534

Bugtraq ID: 26175, 26200

CVE ID: CVE-2007-4222, CVE-2007-5909, CVE-2007-5910
