ID CVE-2011-1213
Summary Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.
References
Vulnerable Configurations
  • IBM Lotus Notes 8.0.1
    cpe:2.3:a:ibm:lotus_notes:8.0.1
  • IBM Lotus Notes 8.0.0
    cpe:2.3:a:ibm:lotus_notes:8.0.0
  • IBM Lotus Notes 8.0
    cpe:2.3:a:ibm:lotus_notes:8.0
  • IBM Lotus Notes 7.0.3
    cpe:2.3:a:ibm:lotus_notes:7.0.3
  • IBM Lotus Notes 7.0.2
    cpe:2.3:a:ibm:lotus_notes:7.0.2
  • IBM Lotus Notes 7.0.1
    cpe:2.3:a:ibm:lotus_notes:7.0.1
  • IBM Lotus Notes 7.0.0
    cpe:2.3:a:ibm:lotus_notes:7.0.0
  • IBM Lotus Notes 7.0
    cpe:2.3:a:ibm:lotus_notes:7.0
  • IBM Lotus Notes 7.0.4
    cpe:2.3:a:ibm:lotus_notes:7.0.4
  • IBM Lotus Notes 6.5.6
    cpe:2.3:a:ibm:lotus_notes:6.5.6
  • IBM Lotus Notes 6.5.5
    cpe:2.3:a:ibm:lotus_notes:6.5.5
  • IBM Lotus Notes 6.5.4
    cpe:2.3:a:ibm:lotus_notes:6.5.4
  • IBM Lotus Notes 6.5.3
    cpe:2.3:a:ibm:lotus_notes:6.5.3
  • IBM Lotus Notes 6.5.2
    cpe:2.3:a:ibm:lotus_notes:6.5.2
  • IBM Lotus Notes 6.5.1
    cpe:2.3:a:ibm:lotus_notes:6.5.1
  • IBM Lotus Notes 6.5
    cpe:2.3:a:ibm:lotus_notes:6.5
  • IBM Lotus Notes 6.0.2
    cpe:2.3:a:ibm:lotus_notes:6.0.2
  • IBM Lotus Notes 6.0.1
    cpe:2.3:a:ibm:lotus_notes:6.0.1
  • IBM Lotus Notes 6.0
    cpe:2.3:a:ibm:lotus_notes:6.0
  • IBM Lotus Notes 6.0.5
    cpe:2.3:a:ibm:lotus_notes:6.0.5
  • IBM Lotus Notes 6.0.4
    cpe:2.3:a:ibm:lotus_notes:6.0.4
  • IBM Lotus Notes 6.0.3
    cpe:2.3:a:ibm:lotus_notes:6.0.3
  • IBM Lotus Notes 6.0.2 CF2 (Cumulative Fix 2)
    cpe:2.3:a:ibm:lotus_notes:6.0.2:cf2
  • IBM Lotus Notes 6.0.2 CF1 (Cumulative Fix 1)
    cpe:2.3:a:ibm:lotus_notes:6.0.2:cf1
  • IBM Lotus Notes 6.0.1 CF3 (Cumulative Fix 3)
    cpe:2.3:a:ibm:lotus_notes:6.0.1:cf3
  • IBM Lotus Notes 6.0.1 CF2 (Cumulative Fix 2)
    cpe:2.3:a:ibm:lotus_notes:6.0.1:cf2
  • IBM Lotus Notes 6.0.1 CF2 (Cumulative Fix 1)
    cpe:2.3:a:ibm:lotus_notes:6.0.1:cf1
  • IBM Lotus Notes 5.0.9a
    cpe:2.3:a:ibm:lotus_notes:5.0.9a
  • IBM Lotus Notes 5.0.9
    cpe:2.3:a:ibm:lotus_notes:5.0.9
  • IBM Lotus Notes 5.0.8
    cpe:2.3:a:ibm:lotus_notes:5.0.8
  • IBM Lotus Notes 5.0.7a
    cpe:2.3:a:ibm:lotus_notes:5.0.7a
  • IBM Lotus Notes 5.0.7
    cpe:2.3:a:ibm:lotus_notes:5.0.7
  • IBM Lotus Notes 5.0.6a.01
    cpe:2.3:a:ibm:lotus_notes:5.0.6a.01
  • IBM Lotus Notes 5.0.6
    cpe:2.3:a:ibm:lotus_notes:5.0.6
  • IBM Lotus Notes 5.0.6a
    cpe:2.3:a:ibm:lotus_notes:5.0.6a
  • IBM Lotus Notes 5.0.5
    cpe:2.3:a:ibm:lotus_notes:5.0.5
  • IBM Lotus Notes 5.0.5.02
    cpe:2.3:a:ibm:lotus_notes:5.0.5.02
  • IBM Lotus Notes 5.0.5.01
    cpe:2.3:a:ibm:lotus_notes:5.0.5.01
  • IBM Lotus Notes 5.0.4
    cpe:2.3:a:ibm:lotus_notes:5.0.4
  • IBM Lotus Notes 5.0.4a
    cpe:2.3:a:ibm:lotus_notes:5.0.4a
  • IBM Lotus Notes 5.0.3
    cpe:2.3:a:ibm:lotus_notes:5.0.3
  • IBM Lotus Notes 5.0.2
    cpe:2.3:a:ibm:lotus_notes:5.0.2
  • IBM Lotus Notes 5.0.2c
    cpe:2.3:a:ibm:lotus_notes:5.0.2c
  • IBM Lotus Notes 5.0.2b
    cpe:2.3:a:ibm:lotus_notes:5.0.2b
  • IBM Lotus Notes 5.0.2a
    cpe:2.3:a:ibm:lotus_notes:5.0.2a
  • IBM Lotus Notes 5.0.1
    cpe:2.3:a:ibm:lotus_notes:5.0.1
  • IBM Lotus Notes 5.0.1.02
    cpe:2.3:a:ibm:lotus_notes:5.0.1.02
  • IBM Lotus Notes 5.0.1c
    cpe:2.3:a:ibm:lotus_notes:5.0.1c
  • IBM Lotus Notes 5.0.1b
    cpe:2.3:a:ibm:lotus_notes:5.0.1b
  • IBM Lotus Notes 5.0.1a
    cpe:2.3:a:ibm:lotus_notes:5.0.1a
  • IBM Lotus Notes 5.0a
    cpe:2.3:a:ibm:lotus_notes:5.0a
  • IBM Lotus Notes 5.0
    cpe:2.3:a:ibm:lotus_notes:5.0
  • IBM Lotus Notes 5.0.10
    cpe:2.3:a:ibm:lotus_notes:5.0.10
  • IBM Lotus Notes 5.0.11
    cpe:2.3:a:ibm:lotus_notes:5.0.11
  • IBM Lotus Notes 5.0.12
    cpe:2.3:a:ibm:lotus_notes:5.0.12
  • IBM Lotus Notes 5.02
    cpe:2.3:a:ibm:lotus_notes:5.02
  • IBM Lotus Notes 4.5
    cpe:2.3:a:ibm:lotus_notes:4.5
  • IBM Lotus Notes 4.6
    cpe:2.3:a:ibm:lotus_notes:4.6
  • IBM Lotus Notes 4.2.2
    cpe:2.3:a:ibm:lotus_notes:4.2.2
  • IBM Lotus Notes 4.2.1
    cpe:2.3:a:ibm:lotus_notes:4.2.1
  • IBM Lotus Notes 4.2
    cpe:2.3:a:ibm:lotus_notes:4.2
  • IBM Lotus Notes 4.6.7a
    cpe:2.3:a:ibm:lotus_notes:4.6.7a
  • IBM Lotus Notes 4.6.7h
    cpe:2.3:a:ibm:lotus_notes:4.6.7h
  • IBM Lotus Notes 3.0.0.2
    cpe:2.3:a:ibm:lotus_notes:3.0.0.2
  • IBM Lotus Notes 3.0.0.1
    cpe:2.3:a:ibm:lotus_notes:3.0.0.1
  • IBM Lotus Notes 3.0
    cpe:2.3:a:ibm:lotus_notes:3.0
  • IBM Lotus Notes 8.5.2.1 (Fix Pack 1)
    cpe:2.3:a:ibm:lotus_notes:8.5.2.1
  • IBM Lotus Notes 8.5.2.0
    cpe:2.3:a:ibm:lotus_notes:8.5.2.0
  • IBM Lotus Notes 8.5.1.5 (Fix Pack 5)
    cpe:2.3:a:ibm:lotus_notes:8.5.1.5
  • IBM Lotus Notes 8.5.1.4 (Fix Pack 4)
    cpe:2.3:a:ibm:lotus_notes:8.5.1.4
  • IBM Lotus Notes 8.5.1.3 (Fix Pack 3)
    cpe:2.3:a:ibm:lotus_notes:8.5.1.3
  • IBM Lotus Notes 8.5.1.2 (Fix Pack 2)
    cpe:2.3:a:ibm:lotus_notes:8.5.1.2
  • IBM Lotus Notes 8.5.1.1 (Fix Pack 1)
    cpe:2.3:a:ibm:lotus_notes:8.5.1.1
  • IBM Lotus Notes 8.5.1.0
    cpe:2.3:a:ibm:lotus_notes:8.5.1.0
  • IBM Lotus Notes 8.5.1
    cpe:2.3:a:ibm:lotus_notes:8.5.1
  • IBM Lotus Notes 8.5.0.1
    cpe:2.3:a:ibm:lotus_notes:8.5.0.1
  • IBM Lotus Notes 8.5.0.0
    cpe:2.3:a:ibm:lotus_notes:8.5.0.0
  • IBM Lotus Notes 8.5
    cpe:2.3:a:ibm:lotus_notes:8.5
  • IBM Lotus Notes 8.0.2.6 (Fix Pack 6)
    cpe:2.3:a:ibm:lotus_notes:8.0.2.6
  • IBM Lotus Notes 8.0.2.5 (Fix Pack 5)
    cpe:2.3:a:ibm:lotus_notes:8.0.2.5
  • IBM Lotus Notes 8.0.2.4 (Fix Pack 4)
    cpe:2.3:a:ibm:lotus_notes:8.0.2.4
  • IBM Lotus Notes 8.0.2.3 (Fix Pack 3)
    cpe:2.3:a:ibm:lotus_notes:8.0.2.3
  • IBM Lotus Notes 8.0.2.2 (Fix Pack 2)
    cpe:2.3:a:ibm:lotus_notes:8.0.2.2
  • IBM Lotus Notes 8.0.2.1 (Fix Pack 1)
    cpe:2.3:a:ibm:lotus_notes:8.0.2.1
  • IBM Lotus Notes 8.0.2.0
    cpe:2.3:a:ibm:lotus_notes:8.0.2.0
  • IBM Lotus Notes 8.0.2
    cpe:2.3:a:ibm:lotus_notes:8.0.2
  • IBM Lotus Notes 7.0.2.1 (Fix Pack 1)
    cpe:2.3:a:ibm:lotus_notes:7.0.2.1
  • IBM Lotus Notes 7.0.2.2 (Fix Pack 2)
    cpe:2.3:a:ibm:lotus_notes:7.0.2.2
  • IBM Lotus Notes 7.0.2.3 (Fix Pack 3)
    cpe:2.3:a:ibm:lotus_notes:7.0.2.3
  • IBM Lotus Notes 7.0.3.1 (Fix Pack 1)
    cpe:2.3:a:ibm:lotus_notes:7.0.3.1
  • IBM Lotus Notes 7.0.4.1 (Fix Pack 1)
    cpe:2.3:a:ibm:lotus_notes:7.0.4.1
  • IBM Lotus Notes 7.0.4.2 (Fix Pack 2)
    cpe:2.3:a:ibm:lotus_notes:7.0.4.2
  • IBM Lotus Notes 7.0.1.1 (Fix Pack 1)
    cpe:2.3:a:ibm:lotus_notes:7.0.1.1
  • IBM Lotus Notes 7.0.4.0
    cpe:2.3:a:ibm:lotus_notes:7.0.4.0
  • IBM Lotus Notes 6.5.6.1 (Fix Pack 1)
    cpe:2.3:a:ibm:lotus_notes:6.5.6.1
  • IBM Lotus Notes 6.5.6.2 (Fix Pack 2)
    cpe:2.3:a:ibm:lotus_notes:6.5.6.2
  • IBM Lotus Notes 6.5.6.3 (Fix Pack 3)
    cpe:2.3:a:ibm:lotus_notes:6.5.6.3
  • IBM Lotus Notes 6.5.5.3 (Fix Pack 3)
    cpe:2.3:a:ibm:lotus_notes:6.5.5.3
  • IBM Lotus Notes 6.5.5.1 (Fix Pack 1)
    cpe:2.3:a:ibm:lotus_notes:6.5.5.1
  • IBM Lotus Notes 6.5.5.2 (Fix Pack 2)
    cpe:2.3:a:ibm:lotus_notes:6.5.5.2
  • IBM Lotus Notes 6.5.4.1 (Fix Pack 1)
    cpe:2.3:a:ibm:lotus_notes:6.5.4.1
  • IBM Lotus Notes 6.5.4.2 (Fix Pack 2)
    cpe:2.3:a:ibm:lotus_notes:6.5.4.2
  • IBM Lotus Notes 6.5.4.3 (Fix Pack 3)
    cpe:2.3:a:ibm:lotus_notes:6.5.4.3
  • IBM Lotus Notes 6.5.3.1 (Fix Pack 1)
    cpe:2.3:a:ibm:lotus_notes:6.5.3.1
  • IBM Lotus Notes 6.0.2.2 (Fix Pack 2)
    cpe:2.3:a:ibm:lotus_notes:6.0.2.2
  • IBM Lotus Notes 8.5.2.2 (Fix Pack 2)
    cpe:2.3:a:ibm:lotus_notes:8.5.2.2
CVSS
Base: 9.3 (as of 01-06-2011 - 10:11)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview(.lzh attachment). CVE-2011-1213. Remote exploit for windows platform
id EDB-ID:17448
last seen 2016-02-02
modified 2011-06-23
published 2011-06-23
reporter metasploit
source https://www.exploit-db.com/download/17448/
title Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview .lzh attachment
metasploit via4
nessus via4
  • NASL family Windows
    NASL id SYMANTEC_SYM_11-013.NASL
    description The file attachment filter component included with the instance of Symantec Mail Security installed on the remote Windows host is reportedly affected by multiple buffer overflow vulnerabilities that can be triggered when handling attachments of various types. By sending an email with a specially crafted attachment through a vulnerable server, an attacker could execute arbitrary code subject to the privileges under which the affected daemon runs.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 56666
    published 2011-10-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56666
    title Symantec Mail Security Autonomy Verity Keyview Filter Vulnerabilities (SYM11-013)
  • NASL family Windows
    NASL id NOTES_KEYVIEW_OVERFLOWS2.NASL
    description The file attachment viewer component included with the instance of Lotus Notes installed on the remote Windows host is reportedly affected by several buffer overflow vulnerabilities that can be triggered when handling attachments of various types. By sending a specially crafted attachment to users of the affected application and getting them to double-click and view the attachment, an attacker may be able to execute arbitrary code subject to the privileges under which the affected application runs.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 54922
    published 2011-05-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54922
    title IBM Lotus Notes Attachment Handling Multiple Buffer Overflows
oval via4
accepted 2015-06-15T04:00:09.460-04:00
class vulnerability
contributors
  • name Scott Quint
    organization DTCC
  • name Maria Mikhno
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment IBM Lotus Notes is installed
    oval oval:org.mitre.oval:def:11999
  • comment IBM Lotus Notes is installed
    oval oval:org.mitre.oval:def:11999
  • comment IBM Lotus Notes is installed
    oval oval:org.mitre.oval:def:11999
  • comment IBM Lotus Notes is installed
    oval oval:org.mitre.oval:def:11999
  • comment IBM Lotus Notes is installed
    oval oval:org.mitre.oval:def:11999
  • comment IBM Lotus Notes is installed
    oval oval:org.mitre.oval:def:11999
description Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.
family windows
id oval:org.mitre.oval:def:14634
status accepted
submitted 2011-12-16T09:51:42.000-05:00
title Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.
version 10
packetstorm via4
data source https://packetstormsecurity.com/files/download/102577/windows-fileformat-lotusnotes_lzh.rb.txt
id PACKETSTORM:102577
last seen 2016-12-05
published 2011-06-25
reporter alino
source https://packetstormsecurity.com/files/102577/Lotus-Notes-8.0.x-8.5.2-FP2-Autonomy-Keyview.html
title Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview
refmap via4
bid 47962
confirm http://www.ibm.com/support/docview.wss?uid=swg21500034
idefense 20110524 IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow
secunia 44624
sreason 8285
xf lotus-notes-lzhsr-bo(67620)
saint via4
bid 48018
description IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow
osvdb 72706
title lotus_notes_lzh_viewer
type client
Last major update 26-01-2012 - 22:58
Published 31-05-2011 - 16:55
Last modified 18-09-2017 - 21:32
Back to Top