Lotus Notes Multiple Keyview Parsing Vulnerabilities - Security


Editor Login \| Register		Ekle

Lotus Notes Multiple Keyview Parsing Vulnerabilities - Security - World -

(Date : 09.04.2008 19:38:22)

Lotus Notes Multiple Keyview Parsing Vulnerabilities

Secunia Advisory:	SA28210
Release Date:	2008-04-08

Critical:	Highly critical
Impact:	System access
Where:	From remote
Solution Status:	Vendor Patch

Software:	IBM Lotus Notes 6.x IBM Lotus Notes 7.x IBM Lotus Notes 8.x

CVE reference:	CVE-2008-0066 (Secunia mirror) CVE-2007-6020 (Secunia mirror) CVE-2007-5399 (Secunia mirror) CVE-2007-5405 (Secunia mirror) CVE-2007-5406 (Secunia mirror) CVE-2008-1101 (Secunia mirror)

Description:
Secunia Research has discovered some vulnerabilities in Lotus Notes, which can be exploited by malicious people to compromise a user"s system.

The vulnerabilities are caused due to various errors within certain third-party file viewers and can be exploited to cause buffer overflows when a specially crafted file attachment is viewed.

For more information:
SA28209

The vulnerabilities are confirmed in versions 7.0.3 and 8.0. Other versions may also be affected.

Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.

Solution:
Apply patch (contact the vendor for details).

Provided and/or discovered by:
Secunia Research

Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2007-92/
http://secunia.com/secunia_research/2007-96/
http://secunia.com/secunia_research/2007-107/
http://secunia.com/secunia_research/2008-3/
http://secunia.com/secunia_research/2008-12/

IBM:
http://www.ibm.com/support/docview.wss?rs=463&uid=swg21298453

Other References:
SA28209:
http://secunia.com/advisories/28209/

Derecelendir

Kaynak

İçerik İhbarı

Open Source Document Project