Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

IBM Lotus Notes File Viewers Multiple BOF Vulnerabilities (Windows)

Information

Severity

Severity

Critical

Family

Family

Buffer overflow

CVSSv2 Base

CVSSv2 Base

9.3

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

11 years ago

Modified

Modified

3 years ago

Summary

This host has IBM Lotus Notes installed and is prone to multiple buffer overflow vulnerabilities.

Insight

Insight

The flaws are due to: - An error within 'xlssr.dll' when parsing a Binary File Format (BIFF) record in an Excel spreadsheet. - An integer underflow error within 'lzhsr.dll' when parsing header information in a LZH archive file. - A boundary error within 'rtfsr.dll' when parsing hyperlink information in a Rich Text Format (RTF) document. - A boundary error within 'mw8sr.dll' when parsing hyperlink information in a Microsoft Office Document (DOC) file. - A boundary error within 'assr.dll' when parsing tag information in an Applix Spreadsheet. - An unspecified error within 'kpprzrdr.dll' when parsing Lotus Notes .prz file format. - An unspecified error within 'kvarcve.dll' when parsing Lotus Notes .zip file format.

Affected Software

Affected Software

IBM Lotus Notes Version 8.5.2 FP2 and prior on windows

Solution

Solution

Upgrade to IBM Lotus Notes 8.5.2 FP3