Secunia Research contacted IBM to report three buffer overflow vulnerabilities (SA44310) in IBM Lotus Notes file viewers when viewing Ichitaro documents. These vulnerabilities are resolved in Notes 8.5.2 Fix Pack 3 and 8.5.3.
Secunia Research contacted IBM to report three buffer overflow vulnerabilities (SA44310) in IBM Lotus Notes file viewers when viewing JustSystem's Ichitaro documents. By persuading a victim to open a specially crafted .jtd or .doc file attachment and select "View" at the dialog prompt, a remote attacker could exploit these vulnerabilities to cause the application to crash or execute arbitrary code on the system with elevated privileges.
Note: IBM Lotus Domino servers are not affected.
For more information on the exploits, see SA44310 at:
Or see Common Vulnerabilities and Exposures website referencing:
- CVE-2011-0337: An integer overflow error in jtdsr.dll when parsing QLST chunks within Ichitaro documents
- CVE-2011-0338: A boundary error in jtdsr.dll when parsing Ichitaro documents with a chunk containing "Text" data blocks
- CVE-2011-0339: A logic error in jtdsr.dll when reconstructing text data from multiple data blocks in an Ichitaro document
The following releases of IBM Lotus Notes clients are susceptible to this malicious attack:
- 8.5.2 Fix Pack 2 and earlier
The vulnerabilities are resolved in:
- 8.5.2 Fix Pack 3 (or later Fix Packs)
Workaround: delete the keyview.ini file in the Notes program directory.
This disables ALL viewers. When a user clicks View (for any file attachment), a dialog box will display with the message "Unable to locate the viewer configuration file."
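An added example (not IBM's code) of how an administrator could check whether the keyview.ini step has been applied in a given Notes program directory, and whether jtdsr.dll is present there. The status names, the recursive search for jtdsr.dll, and the case-insensitive file-name matching are assumptions of this sketch. It does not determine the installed Fix Pack level, which must be checked separately.

```python
import os

VIEWER_CONFIG = "keyview.ini"    # file the advisory says to delete
ICHITARO_FILTER = "jtdsr.dll"    # component named in the CVE entries


def find_files(root, name):
    """Return paths under root whose file name equals name, ignoring case."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if f.lower() == name]
    return sorted(hits)


def audit_notes_dir(program_dir):
    """Classify one Notes program directory against the keyview.ini step.

    Status values (hypothetical names chosen for this example):
      not-found               directory does not exist
      workaround-applied      no keyview.ini, so all viewers are disabled
      ichitaro-viewer-active  keyview.ini and jtdsr.dll are both present
      viewers-enabled         keyview.ini present, jtdsr.dll not found
    """
    if not os.path.isdir(program_dir):
        return {"status": "not-found", "config": [], "filter": []}
    # The advisory places keyview.ini in the program directory itself,
    # so only the top level is checked for it.
    config = sorted(os.path.join(program_dir, f)
                    for f in os.listdir(program_dir)
                    if f.lower() == VIEWER_CONFIG)
    # Assumption: jtdsr.dll may sit in a subdirectory, so search recursively.
    dll = find_files(program_dir, ICHITARO_FILTER)
    if not config:
        status = "workaround-applied"
    elif dll:
        status = "ichitaro-viewer-active"
    else:
        status = "viewers-enabled"
    return {"status": status, "config": config, "filter": dll}


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        result = audit_notes_dir(path)
        print(path, result["status"], result["config"] + result["filter"])
```

Run it with one or more Notes program directories as arguments; a host on an affected release that reports `ichitaro-viewer-active` still has the vulnerable viewer path reachable.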
General Cautionary Note
Attachments will not auto-execute upon opening or previewing the email message; the file attachment must be opened by the recipient using the aforementioned file viewer.
Security Rating using Common Vulnerability Scoring System (CVSS) v2
CVSS Base Score: 9.3
---- Impact Subscore: 10
---- Exploitability Subscore: 8.6
CVSS Temporal Score: 6.9
CVSS Environmental Score: Undefined
Overall CVSS Score: 6.9
Base Score Metrics:
Temporal Score Metrics:
*The CVSS Environment Score is customer environment-specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the referenced links.
Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.