Lotus Notes Applix Graphics viewer BEGIN tag buffer overflow

Added: 06/06/2008
CVE: CVE-2007-5405
BID: 28454
OSVDB: 44194

Background

Lotus Notes is the client for Lotus Domino servers. Lotus Notes uses the Autonomy KeyView library to display Applix Graphics (.ag) attachments.

Problem

A buffer overflow vulnerability when parsing the initial BEGIN tag in an Applix Graphics file allows command execution when a user opens a specially crafted attachment.

Resolution

Apply the fix referenced in the IBM Technote.

References

http://secunia.com/secunia_research/2007-96/advisory/

Limitations

Exploit works on Lotus Notes 8.0 and requires a user to open an e-mail attachment using the affected software.

Platforms

Windows

Back to exploit index