| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <471E0738.101@vuln.sg> Date: Tue, 23 Oct 2007 22:37:44 +0800 From: TAN Chew Keong <vulnpost-remove@...n.sg> To: full-disclosure@...ts.grok.org.uk Subject: [vuln.sg] IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities [vuln.sg] Vulnerability Research Advisory IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities by Tan Chew Keong Release Date: 2007-10-23 Summary ------- Multiple exploitable buffer overflow vulnerabilities were found within the file attachment viewer in IBM Lotus Notes. The vulnerabilities can be exploited to execute arbitrary code by tricking the user to view a malicious DOC, SAM, WPD, or MIF file attachment using the file attachment viewer in Lotus Notes. Tested Versions --------------- Lotus Notes 7.0.2 (Trial) Details ------- http://vuln.sg/lotusnotes702-en.html http://vuln.sg/lotusnotes702-jp.html Vendor's Technote ----------------- http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21271111 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists