Buffer overflow in Ibm Lotus_notes

CVE-2011-1216

Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7.

Vulnerability class: Buffer Overflow

EPSS: 0.230 (96.0th percentile) — read the EPSS interpretation.

Affected products

Ibm Lotus_notes — versions 3.0, 3.0.0.1, 3.0.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_CONFIRM)
47962 (vdb-entry, x_refsource_BID)
44624 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
20110524 IBM Lotus Notes Applix Attachment Viewer Stack Buffer Overflow (x_refsource_IDEFENSE, third-party-advisory)
lotus-notes-assr-bo(67623) (vdb-entry, x_refsource_XF)
oval:org.mitre.oval:def:13796 (x_refsource_OVAL, signature, vdb-entry)