IBM Lotus Notes Attachment Handling Multiple Buffer Overflows
Severity: High | Nessus Plugin ID: 54922
The remote Windows host has an application that is affected by multiple buffer overflow vulnerabilities.
The file attachment viewer component included with the instance of Lotus Notes installed on the remote Windows host is reportedly affected by several buffer overflow vulnerabilities that can be triggered when handling attachments of various types. By sending a specially crafted attachment to users of the affected application and getting them to double-click and view the attachment, an attacker may be able to execute arbitrary code subject to the privileges under which the affected application runs.
Either install Interim Fix 1 for Notes 8.5.2 Fix Pack 2 / 8.5.2 Fix Pack 3, or upgrade to 8.5.3. Alternatively, disable attachment viewers.