Fixes for security vulnerabilities in IBM Lotus Notes file viewers when viewing Ichitaro documents

Flash (Alert)


Abstract

Secunia Research contacted IBM to report three buffer overflow vulnerabilities (SA44310) in IBM Lotus Notes file viewers when viewing Ichitaro documents. These vulnerabilities are resolved in Notes 8.5.2 Fix Pack 3 and 8.5.3.

Content

Secunia Research contacted IBM to report three buffer overflow vulnerabilities (SA44310) in IBM Lotus Notes file viewers when viewing JustSystem's Ichitaro documents. By persuading a victim to open a specially-crafted .jtd or .doc file attachment and selecting "View" at the dialog prompt, a remote attacker could exploit these vulnerabilities to cause the application to crash or to execute arbitrary code on the system with elevated privileges.
Note: IBM Lotus Domino servers are not affected.

For more information on the exploits, see SA44310 at:
http://secunia.com/advisories/44310

Or see the Common Vulnerabilities and Exposures (CVE) entries for the three issues:

  • CVE-2011-0337: An integer overflow error in jtdsr.dll when parsing QLST chunks within Ichitaro documents
  • CVE-2011-0338: A boundary error in jtdsr.dll when parsing Ichitaro documents with a chunk containing "Text" data blocks
  • CVE-2011-0339: A logic error in jtdsr.dll when reconstructing text data from multiple data blocks in an Ichitaro document

Affected versions

The following releases of IBM Lotus Notes clients are affected by these vulnerabilities:
  • 8.5.2 Fix Pack 2 and earlier
  • 8.0.x

Recommended Fix
SA44310 has been investigated by IBM and is tracked in the following SPRs: KLYH8GPJH4, KLYH8GPJTX, and KLYH8GPJW8. To address the issues, customers are encouraged to apply the following IBM Lotus Notes client releases:
  • 8.5.3
  • 8.5.2 Fix Pack 3 (or later Fix Packs)

Workarounds
Option to disable all viewers within IBM Lotus Notes:

Delete the keyview.ini file in the Notes program directory.
This disables ALL viewers. When a user clicks View (for any file attachment), a dialog box will display with the message "Unable to locate the viewer configuration file."


General Cautionary Note
Users are strongly urged to use caution when opening or viewing unsolicited file attachments.

Attachments will not auto-execute upon opening or previewing the email message; the file attachment must be opened by the recipient using the aforementioned file viewer.


CVSS Score
IBM offers the following CVSS Score for all three IBM Lotus Notes Ichitaro file viewer vulnerabilities (listed below by SPR number):
  • KLYH8GPJH4
  • KLYH8GPJTX
  • KLYH8GPJW8
Security Rating using Common Vulnerability Scoring System (CVSS) v2
CVSS Base Score: 9.3
---- Impact Subscore: 10
---- Exploitability Subscore: 8.6
CVSS Temporal Score: 6.9
CVSS Environmental Score: Undefined
Overall CVSS Score: 6.9
Base Score Metrics:
  • Related exploit range/Attack Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Temporal Score Metrics:
  • Exploitability: Unproven
  • Remediation Level: Official Fix
  • Report Confidence: Confirmed
References:

*The CVSS Environment Score is customer environment-specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the referenced links.

Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.


Acknowledgement
This vulnerability was reported to IBM by Secunia Research. See the following link for more information.

http://secunia.com/advisories/44310

Related information

How to download IBM Lotus Notes 8.5.3 from Passport Adv
Download LotusNotes853.itw for Windows 8.5.3 Notes Stan
developerWorks Lotus - Security


Document information

More support for: IBM Notes, Security
Software version: 8.0.2, 8.5, 8.5.1, 8.5.2
Operating system(s): Linux, Mac OS, Mac OS X, Windows
Software edition: All Editions
Reference #: 1566925
Modified date: 2011-10-17
