IBM Lotus Notes Attachment Handling Multiple Buffer Overflows

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

The remote Windows host has an application that is affected by
multiple buffer overflow vulnerabilities.

Description :

The file attachment viewer component included with the instance of
Lotus Notes installed on the remote Windows host is reportedly
affected by several buffer overflow vulnerabilities that can be
triggered when handling attachments of various types.

By sending a specially crafted attachment to users of the affected
application and getting them to double-click and view the attachment,
an attacker may be able to execute arbitrary code subject to the
privileges under which the affected application runs.

See also :

Solution :

Either Install Interim Fix 1 for Notes 8.5.2 Fix Pack 2 / 8.5.2 Fix
Pack 3 or upgrade to 8.5.3. Alternatively, disable attachment viewers.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now