IBM Lotus Notes Attachment Handling Multiple Buffer Overflows

critical Nessus Plugin ID 54922


The remote Windows host has an application that is affected by multiple buffer overflow vulnerabilities.


The file attachment viewer component included with the instance of Lotus Notes installed on the remote Windows host is reportedly affected by several buffer overflow vulnerabilities that can be triggered when handling attachments of various types.

By sending a specially crafted attachment to users of the affected application and getting them to double-click and view the attachment, an attacker may be able to execute arbitrary code subject to the privileges under which the affected application runs.


Either Install Interim Fix 1 for Notes 8.5.2 Fix Pack 2 / 8.5.2 Fix Pack 3 or upgrade to 8.5.3. Alternatively, disable attachment viewers.

See Also

Plugin Details

Severity: Critical

ID: 54922

File Name: notes_keyview_overflows2.nasl

Version: 1.25

Type: local

Agent: windows

Family: Windows

Published: 5/31/2011

Updated: 6/12/2020

Supported Sensors: Nessus Agent

Risk Information


Risk Factor: High

Score: 7.4


Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

CVSS Score Source: CVE-2011-0548


Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:lotus_notes

Required KB Items: SMB/Registry/Enumerated, SMB/Lotus_Notes/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/24/2011

Vulnerability Publication Date: 5/24/2011

Exploitable With

Core Impact

Metasploit (Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview (.lzh Attachment))

Reference Information

CVE: CVE-2011-0548, CVE-2011-1213, CVE-2011-1214, CVE-2011-1215, CVE-2011-1216, CVE-2011-1217, CVE-2011-1218, CVE-2011-1512

BID: 47962, 48013, 48016, 48017, 48018, 48019, 48020, 48021

CERT: 126159

EDB-ID: 17448

Secunia: 44624