IBM Lotus Notes Attachment Handling Multiple Buffer Overflows

critical Nessus Plugin ID 54922

Synopsis

The remote Windows host has an application that is affected by multiple buffer overflow vulnerabilities.

Description

The file attachment viewer component included with the instance of Lotus Notes installed on the remote Windows host is reportedly affected by several buffer overflow vulnerabilities that can be triggered when handling attachments of various types.

By sending a specially crafted attachment to users of the affected application and getting them to double-click and view the attachment, an attacker may be able to execute arbitrary code subject to the privileges under which the affected application runs.

Solution

Either Install Interim Fix 1 for Notes 8.5.2 Fix Pack 2 / 8.5.2 Fix Pack 3 or upgrade to 8.5.3. Alternatively, disable attachment viewers.

See Also

https://www.securityfocus.com/archive/1/518139

https://www.securityfocus.com/archive/1/518131

https://www.securityfocus.com/archive/1/518138

https://www.securityfocus.com/archive/1/518137

http://www.nessus.org/u?c85aef3a

https://seclists.org/bugtraq/2011/May/178

https://seclists.org/bugtraq/2011/May/179

https://seclists.org/bugtraq/2011/May/181

https://seclists.org/bugtraq/2011/May/182

https://www.securityfocus.com/archive/1/archive/1/518120/100/0/threaded

https://www-304.ibm.com/support/docview.wss?uid=swg21500034

Plugin Details

Severity: Critical

ID: 54922

File Name: notes_keyview_overflows2.nasl

Version: 1.25

Type: local

Agent: windows

Family: Windows

Published: 5/31/2011

Updated: 6/12/2020

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

CVSS Score Source: CVE-2011-0548

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:lotus_notes

Required KB Items: SMB/Registry/Enumerated, SMB/Lotus_Notes/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/24/2011

Vulnerability Publication Date: 5/24/2011

Exploitable With

Core Impact

Metasploit (Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview (.lzh Attachment))

Reference Information

CVE: CVE-2011-0548, CVE-2011-1213, CVE-2011-1214, CVE-2011-1215, CVE-2011-1216, CVE-2011-1217, CVE-2011-1218, CVE-2011-1512

BID: 47962, 48013, 48016, 48017, 48018, 48019, 48020, 48021

CERT: 126159

EDB-ID: 17448

Secunia: 44624