| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 5 Sep 2022 00:58:32 -0000 (UTC) From: Tavis Ormandy <taviso@...il.com> To: fulldisclosure@...lists.org Subject: [FD] 123ADV-001: Stack Buffer Overflow in Lotus 1-2-3 R3 for UNIX/Linux # About The 123 command is a spreadsheet application for UNIX-based systems that can be used in interactive mode to create and modify financial and scientific models. For more information, see https://123r3.net # Advisory A stack buffer overflow was reported in the cell format processing routines. If a victim opens an untrusted malicious worksheet, code execution could occur. There have been no reports of this vulnerability being exploited in the wild. We take your security very seriously, in fact, this is the first known vulnerability reported in Lotus 1-2-3 R3 since it's release in September 1990. # Credit This issue was reported to the 123elf project by dbastone. # Solution A new release has been prepared to resolve this issue, we recommend affected users upgrade immediately. https://github.com/taviso/123elf/ Lotus 1-2-3 releases for other platforms are affected, but are not actively maintained. MS-DOS, OS/2, OpenVMS, z/OS and SysV/386 users are advised to migrate to Linux to continue receiving updates. -- _o) $ lynx lock.cmpxchg8b.com /\\ _o) _o) $ finger taviso@....org _\_V _( ) _( ) @taviso _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists