Lotus Notes buffer overflow vulnerability with HTML message

Question

VeriSign iDefense VCP contacted IBM® Lotus® to report a potential buffer overflow vulnerability in the Lotus Notes® client when processing an HTML message. The advisory can be accessed at the following link:

It is possible to cause a buffer overflow based on the HTML content included in a message. When a Lotus Notes user receives an HTML message, the HTML content is converted to a format resembling RTF (Rich Text Format). When a message is acted upon (replied to, forwarded or copied to the clipboard), the e-mail format is converted again. It is at this point that a buffer overflow could be exploited.

Cause

For an attacker to successfully exploit this vulnerability, the following must be accomplished:
(1) The attacker must compose and send a specifically crafted HTML message to a user.
(2) The user must be persuaded to either forward, reply with history, or copy the message to the clipboard.

Stack Trace

This issue could result in the following known stack trace in the NSD, depending on the Lotus Notes client version deployed:

############################################################
nnotes.dll!_TagAttributeListCopy@12() Line 552 C++
nnotes.dll!ConfigSelectorSet(unsigned long hSess=, cctCVSSelectorTag Selector=,unsigned short DataLen=, void * pData=) Line 3352 + 0xb C

Answer

This issue was reported to Quality Engineering as SPR# KEMG6Y8P8U, and has been fixed in Lotus Notes releases 7.0.3 and 8.0. Refer to the Upgrade Central site for details on upgrading Notes/Domino.

Note: This issue impacts the Lotus Notes client only; it does not impact the Domino server.

CVSS Base Score: 7.1
- Impact Subscore: 6.9
- Exploitability Subscore: 8.6
CVSS Temporal Score: 5.6
CVSS Environmental Score: Undefined*
Overall CVSS Score: 5.6

Base Score Metrics:
- Related exploit range/Attack Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Complete

Temporal Score Metrics:
- Exploitability: Proof of Concept
- Remediation Level: Official Fix
- Report Confidence: Confirmed

References:

*The CVSS Environmental Score is customer environment-specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the referenced links.
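
The scores listed above can be re-derived from the listed metrics with the CVSS version 2 equations. The following is an added example, not part of the IBM technote; it assumes the scores are CVSS v2 (the metric names match that version), takes the weights from the CVSS v2 specification, and uses function and variable names chosen for illustration.

```python
# Added example: CVSS v2 arithmetic check. Weights are from the CVSS v2 specification.
AV = {"Local": 0.395, "Adjacent Network": 0.646, "Network": 1.0}
AC = {"High": 0.35, "Medium": 0.61, "Low": 0.71}
AU = {"Multiple": 0.45, "Single": 0.56, "None": 0.704}
CIA = {"None": 0.0, "Partial": 0.275, "Complete": 0.660}
EXPLOITABILITY = {"Unproven": 0.85, "Proof of Concept": 0.90, "Functional": 0.95,
                  "High": 1.0, "Not Defined": 1.0}
REMEDIATION = {"Official Fix": 0.87, "Temporary Fix": 0.90, "Workaround": 0.95,
               "Unavailable": 1.0, "Not Defined": 1.0}
CONFIDENCE = {"Unconfirmed": 0.90, "Uncorroborated": 0.95, "Confirmed": 1.0,
              "Not Defined": 1.0}


def cvss2_scores(m):
    """Compute CVSS v2 base, subscores and temporal score from metric names."""
    impact = 10.41 * (1 - (1 - CIA[m["C"]]) * (1 - CIA[m["I"]]) * (1 - CIA[m["A"]]))
    exploitability = 20 * AV[m["AV"]] * AC[m["AC"]] * AU[m["Au"]]
    f_impact = 0.0 if impact == 0 else 1.176
    base = round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)
    # The temporal equation starts from the rounded base score.
    temporal = round(base * EXPLOITABILITY[m["E"]] * REMEDIATION[m["RL"]]
                     * CONFIDENCE[m["RC"]], 1)
    return {"base": base, "impact": round(impact, 1),
            "exploitability": round(exploitability, 1), "temporal": temporal}


def mismatches(computed, published):
    """Return the names of scores whose published value differs from the computed one."""
    return sorted(k for k in published if abs(computed[k] - published[k]) > 1e-9)


# Metric values and scores exactly as listed in this technote.
TECHNOTE_METRICS = {"AV": "Network", "AC": "Medium", "Au": "None",
                    "C": "None", "I": "None", "A": "Complete",
                    "E": "Proof of Concept", "RL": "Official Fix", "RC": "Confirmed"}
TECHNOTE_SCORES = {"base": 7.1, "impact": 6.9, "exploitability": 8.6, "temporal": 5.6}

if __name__ == "__main__":
    scores = cvss2_scores(TECHNOTE_METRICS)
    print(scores, "mismatches:", mismatches(scores, TECHNOTE_SCORES))
```

With the Environmental Score left undefined, the Overall CVSS Score is the Temporal Score, which is why both are listed as 5.6.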

Product categories: Software > Messaging Applications > Advanced Messaging > Lotus Notes
Operating system(s): Linux, Mac OS, Windows
Software version: 6.5, 7.0, 8.0
Reference #: 1272930
IBM Group: Software Group
Modified date: 2007-10-23