 |
Support & downloads > |
|
|
|
Potential security issue with Lotus Notes file viewer for WordPerfect
|
| | | | Problem |
iDefense Labs contacted IBM Lotus to report a potential keyview buffer overflow vulnerability in Lotus Notes. In specific situations it was found that there is the possibility to execute arbitrary code.
To successfully exploit this vulnerability, an attacker would need to send a specially crafted WordPerfect Document (WPD) file attachment to users, and the users would then have to double-click and "View" the attachment.
The advisory can be found at the following URL:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=3D77=4
The CVE identifier is CVE-2008-4564
(Original publish date March 17, 2009. See "Change History" below.) | | | | |  | | | Resolving the problem |
This issue was reported to Quality Engineering as SPR#s PRAD7NSR9Z. Lotus Notes version 8.5 is not vulnerable. Also note that the issue was determined to impact Windows-based Notes clients. It does not impact the Lotus Domino server.
Note: This issue is also fixed in the latest Cumulative Client Hotfix (CCH) for Notes 8.0.2. Because hotfixes do not receive the extensive testing that maintenance releases and fix packs do, customers are encouraged to implement workarounds or deploy a release containing the fix. However, if workarounds are not possible or applicable and you still need a fix, you can download the latest CCH for Notes 8.0.2 from Fix Central.
Workarounds for Notes 7.x and 8.0x client versions:
Option 1: Contact IBM Support to obtain the patch for the Notes client.
Option 2: Alternately, you can disable the affected file viewer by following one of the options in the "How to disable viewers within Lotus Notes" section of this technote.
Workaround for Notes 6.x client versions:
If you are interested in protecting yourself from this vulnerability, we recommend disabling the viewer as described in the "How to disable Viewers within Lotus Notes" section of this technote. There is no software fix available for the 6.x Notes client version.
Workaround for Notes 5.x client versions:
If you are interested in protecting yourself from this vulnerability, we recommend disabling the viewer as described in the "How to disable Viewers within Lotus Notes" section of this technote. There is no software fix available for the 5.x Notes client version.
How to disable Viewers within Notes: Option 1 : Delete the keyview.ini file in the Notes program directory. This disables ALL viewers. When a user clicks View (for any file attachment), a dialog box will display with the message "Unable to locate the viewer configuration file."
Option 2 : Delete or rename the problem DLL file, which in this case is wp6sr.dll. When a user tries to view a WordPerfect document file type, a dialog box will display with the message "The viewer display window could not be initialized." All other file types work without returning the error message.
Option 3 : Comment out specific lines in keyview.ini for any references to the problem file (dll). To comment a line, you precede it with a semi-colon (;). When a user tries to view the specific file type, a dialog box will display with the message "The viewer display window could not be initialized."
For Example:
[KVWKBVE] --> this is the section of the keyview.ini
;178=wp6sr.dll ---> this would be the result of the WordPerfect dll commented out
Additional Background
In general, users are strongly urged to use caution when opening or viewing unsolicited file attachments.
The attachments will not auto-execute upon opening or previewing the email message; the file attachment must be opened by the user using the mentioned file viewers. In some cases, further user action is also required to trigger the exploit.
|
CVSS Base Score: < 9.3 >
---- Impact Subscore: < 10 >
---- Exploitability Subscore: < 8.6 >
CVSS Temporal Score: < 7.3 >
CVSS Environmental Score: < Undefined* >
Overall CVSS Score: < 7.3 > | Base Score Metrics: - Related exploit range/Attack Vector: < Network >
- Access Complexity: < Medium >
- Authentication < None >
- Confidentiality Impact: < Complete >
- Integrity Impact: < Complete >
- Availability Impact: < Complete >
| Temporal Score Metrics: - Exploitability: < Proof of Concept Code>
- Remediation Level: < Official Fix >
- Report Confidence: < Confirmed >
| | References: |
*The CVSS Environment Score is customer environment-specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the referenced links.
|
| 21 June 2009 | Added link to Fix Central. Added note that a fix is included in a CCH for Notes 8.0.2. | | 17 March 2009 | Initial publication. | | | | | | | | | | |
|
|
| IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml. |
|
|
|
|
| Please take a moment to complete this form to help us better serve you. |
|
 |
|
|
|
|
|
|
| Product categories: |
|
| | Software | |
| | Messaging Applications | |
| | Advanced Messaging | |
| | Lotus Notes | |
| | Editor | |
|
| Operating system(s): |
| |
Windows
|
|
| Software version: |
| |
6.5, 7.0, 8.0
|
|
| Reference #: |
| |
1377573
|
|
| IBM Group: |
| | Software Group |
|
| Modified date: |
| | 2009-03-17 |
|
|
