Lotus Notes
*Report Timeline*
2007-09-13: Email to IBM AIX security requesting security contact
information for Lotus Notes
2007-09-14: Reply from IBM AIX security team with contact information of
the IBM Lotus Notes security team
2007-09-17: Email to IBM Lotus Notes security notifying Core’s intent to
report the vulnerability in Lotus Notes and Autonomy’s KeyView SDK and
requesting an acknowledgement within 2 business days indicating whether
further communications should be encrypted. Security advisory publication
date set to October 15th. Security contact information for Autonomy’s
4. *Vulnerable packages*
All current releases are affected:
. IBM Lotus Notes 8.5.2
. IBM Lotus Notes 8.5.1
. IBM Lotus Notes 8.0.x
. IBM Lotus Notes 7.x
. IBM Lotus Notes 6.x
. IBM Lotus Notes 5.x
IV. DETECTION
iDefense confirmed the existence of this vulnerability using the
following versions of the affected software:
xlssr.dll version 8.0.0.7214, distributed with IBM Lotus Notes 8.0
xlssr.dll version 8.5.0.8339, distributed with IBM Lotus Notes 8.5
xlssr.dll version 10.5.0.0, distributed with Symantec Mail Security
for Microsoft Exchange
All versions of the KeyView SDK that include the "xlssr.dll" filter
IBM Lotus Notes Client TagAttributeListCopy Buffer Overflow Vulnerability
iDefense Security Advisory 10.23.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 23, 2007
I. BACKGROUND
IBM Corp.'s Lotus Notes software is an integrated desktop client option
for accessing e-mail, calendars and applications on an IBM Corp. Lotus
V. WORKAROUND
A workaround is available to disable MS Office Documents within the
Lotus Notes file viewer:
Open the keyview.ini file in the Lotus Notes program data directory
(C:\Program Files\IBM\Lotus\Notes\Data) and comment out all references
to mw8sr.dll. To comment out a reference, precede the line with a
semi-colon ';'.
VI. VENDOR RESPONSE
IBM has released patches and workarounds to address this vulnerability.
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID: SYMSA-2007-013
Advisory Title: Lotus Notes Memory Mapped Files Vulnerability
Author: Ollie Whitehouse / ollie_whitehouse@symantec.com
Release Date: 23-10-2007
Application: Lotus Notes / Domino
Platform: Microsoft Windows
Severity: Session hijacking in shared user environments
[vuln.sg] Vulnerability Research Advisory
IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities
by Tan Chew Keong
Release Date: 2007-10-23
Summary
-------
Multiple exploitable buffer overflow vulnerabilities were found within the file attachment viewer in IBM Lotus Notes. The vulnerabilities can be exploited to execute arbitrary code by tricking the user to view a malicious DOC, SAM, WPD, or MIF file attachment using the file attachment viewer in Lotus Notes.
ZDI-10-159: IBM Lotus Notes Autonomy KeyView WK3 Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-159
August 23, 2010
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
IBM
Autonomy
ZDI-10-158: IBM Lotus Notes Autonomy KeyView WK3 Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-158
August 23, 2010
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
IBM
Autonomy
ZDI-10-156: IBM Lotus Notes Autonomy KeyView Word Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-156
August 23, 2010
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
IBM
Autonomy
ZDI-10-157: IBM Lotus Notes Autonomy KeyView Office Shape Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-157
August 23, 2010
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
IBM
Autonomy
ZDI-11-051: IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-051
February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations for this vulnerability please see: http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm
-- Affected Vendors:
IBM
-- Affected Products:
> Autonomy Keyview Folio Flat File Parsing Buffer Overflows
> Autonomy Keyview Applix Graphics Parsing Vulnerabilities
> Autonomy Keyview EML Reader Buffer Overflows
> activePDF DocConverter Folio Flat File Parsing Buffer Overflows
> activePDF DocConverter Applix Graphics Parsing Vulnerabilities
> Lotus Notes Applix Graphics Parsing Vulnerabilities
> Lotus Notes Folio Flat File Parsing Buffer Overflows
> Lotus Notes EML Reader Buffer Overflows
> Lotus Notes kvdocve.dll Path Processing Buffer Overflow
> Lotus Notes htmsr.dll Buffer Overflows
> Symantec Mail Security Folio Flat File Parsing Buffer Overflows
V. WORKAROUND
A workaround is available to disable RTF documents within the Lotus
Notes file viewer:
Open the keyview.ini file in the Lotus Notes program data directory
(C:\Program Files\IBM\Lotus\Notes\Data) and comment out all references
to rtfsr.dll. To comment out a reference, precede the line with a
semi-colon ';'.
VI. VENDOR RESPONSE
V. WORKAROUND
A workaround is available to disable LZH archive files within the Lotus
Notes file viewer:
Open the keyview.ini file in the Lotus Notes program data directory
(C:\Program Files\IBM\Lotus\Notes\Data) and comment out all references
to lzhsr.dll. To comment out a reference, precede the line with a
semi-colon ';'.
VI. VENDOR RESPONSE
> > > Autonomy Keyview Folio Flat File Parsing Buffer Overflows
> > > Autonomy Keyview Applix Graphics Parsing Vulnerabilities
> > > Autonomy Keyview EML Reader Buffer Overflows
> > > activePDF DocConverter Folio Flat File Parsing Buffer Overflows
> > > activePDF DocConverter Applix Graphics Parsing Vulnerabilities
> > > Lotus Notes Applix Graphics Parsing Vulnerabilities
> > > Lotus Notes Folio Flat File Parsing Buffer Overflows
> > > Lotus Notes EML Reader Buffer Overflows
> > > Lotus Notes kvdocve.dll Path Processing Buffer Overflow
> > > Lotus Notes htmsr.dll Buffer Overflows
> > > Symantec Mail Security Folio Flat File Parsing Buffer Overflows
V. WORKAROUND
A workaround is available to disable Applix Documents within the Lotus
Notes file viewer:
Open the keyview.ini file in the Lotus Notes program data directory
(C:\Program Files\IBM\Lotus\Notes\Data) and comment out all references
to assr.dll. To comment out a reference, precede the line with a
semi-colon ';'.
VI. VENDOR RESPONSE
Exploitation allows attackers to execute arbitrary code with the
privileges of the user. In order to exploit this vulnerability, an
attacker must cause a specially crafted Word Perfect Document to be
processed by an application using the Autonomy KeyView SDK.
In cases such as Lotus Notes, this requires that an attacker convince a
user to view an e-mail attachment. However, in other cases processing
may take place automatically as a document is examined.
IV. DETECTION
IV. DETECTION
iDefense confirmed the existence of this vulnerability using the
following versions of the affected software:
kvolefio.dll version 8.5.0.8339, distributed with IBM Lotus Notes 8.5
kvolefio.dll version 10.5.0.0, distributed with Symantec Mail Security
for Microsoft Exchange
All versions of the KeyView SDK that include the "kvolefio.dll" library
are suspected to be vulnerable. All applications that utilize
======================================================================
Secunia Research 08/04/2008
- Lotus Notes htmsr.dll Buffer Overflows -
======================================================================
Table of Contents
Affected Software
======================================================================
Secunia Research 08/04/2008
- Lotus Notes kvdocve.dll Path Processing Buffer Overflow -
======================================================================
Table of Contents
Affected Software
======================================================================
Secunia Research 08/04/2008
- Lotus Notes Folio Flat File Parsing Buffer Overflows -
======================================================================
Table of Contents
Affected Software
Details:
========
A persistent Cross-Site Scripting vulnerability has been detected on C4B XPhone UC Web v4.1.890SR1 and versions below.
The bug allows an attacker to inject arbitrary script code on the application side (persistent) via for example
a connected groupware application like Microsoft Outlook or IBM Lotus Notes. The injected script code is
executed on every client who is searching for details of the manipulated user on the web application. Successful
exploitation of the vulnerability can therefore lead to session hijacking or stable (persistent) context manipulation.
Vulnerable Module(s):
[+] Work => Home/Work => Company Name (Input)
======================================================================
Secunia Research 08/04/2008
- Lotus Notes EML Reader Buffer Overflows -
======================================================================
Table of Contents
Affected Software
======================================================================
Secunia Research 08/04/2008
- Lotus Notes Applix Graphics Parsing Vulnerabilities -
======================================================================
Table of Contents
Affected Software
IBM Lotus Notes 8.5 RSS Widget Privilege Escalation
scip AG Vulnerability ID 4021 (09/08/2009)
http://www.scip.ch/?vuldb.4021
I. INTRODUCTION
Lotus Notes is a client-server, collaborative application developed and
sold by IBM Software Group.
-- Affected Products:
KeyView SDK
-- Vulnerability Details:
Several vulnerabilities exist in the popular Verity KeyView SDK used in
many enterprise applications like IBM Lotus Notes. When parsing
several different file formats a standard stack overflow occurs
allowing a malicious user to gain complete control of the affected
machine under the rights of the currently logged in user. The problem
lies when copying user supplied data to a stack based buffer without
any boundary conditions.
Mar 02, 2010
I. BACKGROUND
IBM Lotus Domino includes an ActiveX control called Domino Web Access,
which provides Web-based access for Lotus Notes users. The control
features functionality that is used for uploading files and clearing
the cache upon logout. For more information, see the vendor's site
found at the following link.
http://www-01.ibm.com/software/lotus/products/inotes/
This vulnerability also can be triggered through e-mail. If the e-mail
client can automatically display images embedded in the e-mail, the
user only needs to open the e-mail to trigger the vulnerability.
Currently an EMF file is used as a test attack vector. Outlook and
Outlook Express will automatically display EMF images and trigger the
vulnerability. Lotus Notes and Thunderbird do not display EMF images in
e-mail directly, but the vulnerability still can be triggered when
opening or viewing the EMF attachment.
IV. DETECTION