 |
Software > Lotus >
|
|
|
|
IBM Lotus Notes File Viewer Overflow Vulnerability (dunzip32.dll)
|
| | | | Problem | | CERT and Juha-Matti Laurio each independently contacted IBM Lotus to report a buffer overflow vulnerability in the InnerMedia DynaZip library used in Lotus Notes 6.5.4 and older clients that run on Microsoft Windows operating systems.
To successfully exploit these issues, an attacker would need to send a specially crafted file attachment to users via email, and the users would have to double-click and "View" the attachment. This issue applies to zip file attachments only. If successfully exploited, this vulnerability will cause the Notes client to crash and may allow execution of arbitrary code.
This issue has been documented by the following advisories:
CERT VU# 582498:
http://www.kb.cert.org/vuls/id/582498
Networksecurity.fi Security Advisory:
http://www.networksecurity.fi/advisories/lotus-notes.html | | | | | Resolving the problem | This issue was reported to IBM Lotus Quality Engineering as SPR# KSPR67MNMU and addressed in Notes 6.5.5 and Notes 7.0.
Refer to the Upgrade Central site for details on upgrading Notes/Domino to these releases.
Workaround if 6.5.5 DLL is available:
The buffer overflow vulnerability affects the dunzip32.dll file. This dll file has been updated in the fixed releases. If you cannot immediately upgrade the Notes client in your environment, then it is possible to correct the issue by copying the revised version of the dunzip32.dll file from a 6.5.5 release over the version found in earlier 6.x releases.
Workaround if 6.5.5 is not available:
To work around this issue in previous releases of Notes, the affected file viewer can be disabled by either commenting out the relative dll's in the keyview.ini file found in the program directory or by deleting the files from the program directory.
There are three options for disabling this viewer: 1. Delete the keyview.ini file in the Notes program directory. This disables ALL viewers. When a user clicks View (for any file), a dialog box will be displayed with the message "Unable to locate the viewer configuration file."
2. Delete the problem file (dunzip32.dll). When a user tries to view the specific file type (zip archives), a dialog box will be displayed with the message "The viewer display window could not be initialized." All other file types work without returning the error message.
3. Comment out specific lines in keyview.ini for any references to the problem file (dll). To comment a line, you precede it with a semi-colon (;). When a user tries to view the specific file type (zip archives), a dialog box will be displayed with the message "The viewer display window could not be initialized."
For example:
[KVARCVE]
; 132=ziprdr.dll
Additional background:
In general, users are strongly urged to use caution when opening or viewing unsolicited file attachments.
The attachment(s) will not auto-execute upon opening or previewing the email message; the file attachment must be opened by the user using the affected file viewer (from the menu bar, select "Attachment", then select "View").
Note:
This affects the Notes client on Microsoft Windows operating systems only. The Domino server is not affected by this issue. | | | | | | | | |
|
|
| IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml. |
|
|
|
|
| Please take a moment to complete this form to help us better serve you. |
|
 |
|
|
|
|
|
|
| Product categories: |
|
| | Software | |
| | Messaging Applications | |
| | Advanced Messaging | |
| | Lotus Notes | |
| | Lotus Notes | |
|
| Operating system(s): |
| |
Windows
|
|
| Software version: |
| |
6.0, 6.5
|
|
| Reference #: |
| |
1229932
|
|
| IBM Group: |
| | Software Group |
|
| Modified date: |
| | 2006-09-11 |
|
|
