CVE-2011-1213

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Notes
Vendor: CVE Published:; 31 May 2011

Summary

Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.

References

http://www.ibm.com/support/docview.wss?uid=swg21500034

x_refsource_CONFIRM

http://www.securityfocus.com/bid/47962

vdb-entryx_refsource_BID

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

EPSS Score

93% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 31, 2011
Vulnerability Reserved
Mar 3, 2011