Test ID: 1.3.6.1.4.1.25623.1.0.801945
Category: Buffer overflow
Title: IBM Lotus Notes File Viewers Multiple BOF Vulnerabilities - Windows
Summary: IBM Lotus Notes is prone to multiple buffer overflow vulnerabilities.
Description:
Summary:
IBM Lotus Notes is prone to multiple buffer overflow vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- An error within 'xlssr.dll' when parsing a Binary File Format (BIFF)
record in an Excel spreadsheet.

- An integer underflow error within 'lzhsr.dll' when parsing header
information in a LZH archive file.

- A boundary error within 'rtfsr.dll' when parsing hyperlink information
in a Rich Text Format (RTF) document.

- A boundary error within 'mw8sr.dll' when parsing hyperlink information
in a Microsoft Office Document (DOC) file.

- A boundary error within 'assr.dll' when parsing tag information in an
Applix Spreadsheet.

- An unspecified error within 'kpprzrdr.dll' when parsing Lotus Notes .prz
file format.

- An unspecified error within 'kvarcve.dll' when parsing Lotus Notes .zip
file format.

Vulnerability Impact:
Successful exploitation will allow attackers to execute arbitrary code in the
context of the user running the application.

Affected Software/OS:
IBM Lotus Notes Version 8.5.2 FP2 and prior on Windows

Solution:
Upgrade to IBM Lotus Notes 8.5.2 FP3

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2011-1213
BugTraq ID: 47962
http://www.securityfocus.com/bid/47962
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=904
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14634
http://secunia.com/advisories/44624
http://securityreason.com/securityalert/8285
XForce ISS Database: lotus-notes-lzhsr-bo(67620)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67620
Common Vulnerability Exposure (CVE) ID: CVE-2011-1214
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=905
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14309
XForce ISS Database: lotus-notes-rtfsr-bo(67621)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67621
Common Vulnerability Exposure (CVE) ID: CVE-2011-1215
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=906
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14650
XForce ISS Database: lotus-notes-mw8sr-bo(67622)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67622
Common Vulnerability Exposure (CVE) ID: CVE-2011-1216
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=907
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13796
XForce ISS Database: lotus-notes-assr-bo(67623)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67623
Common Vulnerability Exposure (CVE) ID: CVE-2011-1217
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14822
XForce ISS Database: lotus-notes-kpprzrdr-bo(67624)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67624
Common Vulnerability Exposure (CVE) ID: CVE-2011-1218
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14238
XForce ISS Database: lotus-notes-kvarcve-bo(67625)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67625
Common Vulnerability Exposure (CVE) ID: CVE-2011-1512
Bugtraq: 20110524 CORE-2010-0908: Lotus Notes XLS viewer malformed BIFF record heap overflow
http://www.securityfocus.com/archive/1/518120/100/0/threaded
http://www.coresecurity.com/content/LotusNotes-XLS-viewer-heap-overflow
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14203
http://securityreason.com/securityalert/8263
XForce ISS Database: lotus-notes-xlssr-bo(67619)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67619
Copyright: Copyright (C) 2011 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.