Buffer overflow in Ibm Lotus_notes

CVE-2011-1215

Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.

Vulnerability class: Buffer Overflow

EPSS: 0.230 (96.0th percentile) — read the EPSS interpretation.

Affected products

Ibm Lotus_notes — versions 7.0, 7.0.0, 7.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_CONFIRM)
47962 (vdb-entry, x_refsource_BID)
44624 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
lotus-notes-mw8sr-bo(67622) (vdb-entry, x_refsource_XF)
oval:org.mitre.oval:def:14650 (x_refsource_OVAL, signature, vdb-entry)
20110524 IBM Lotus Notes Office Document Attachment Viewer Stack Buffer Overflow (x_refsource_IDEFENSE, third-party-advisory)