Buffer overflow in Ibm Lotus_notes

CVE-2011-1214

Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ.

Vulnerability class: Buffer Overflow

EPSS: 0.186 (95.4th percentile) — read the EPSS interpretation.

Affected products

Ibm Lotus_notes — versions 3.0, 3.0.0.1, 3.0.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
47962 (vdb-entry, x_refsource_BID)
44624 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
20110524 IBM Lotus Notes RTF Attachment Viewer Stack Buffer Overflow (x_refsource_IDEFENSE, third-party-advisory)
lotus-notes-rtfsr-bo(67621) (vdb-entry, x_refsource_XF)
oval:org.mitre.oval:def:14309 (x_refsource_OVAL, signature, vdb-entry)