Integer Underflow Vulnerability in Autonomy KeyView Used by IBM Lotus Notes
CVE-2011-1213

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Notes
Vendor: CVE Published:; 31 May 2011

Summary

An integer underflow vulnerability has been identified in lzhsr.dll within Autonomy KeyView, utilized by IBM Lotus Notes prior to version 8.5.2 FP3. This flaw allows remote attackers to exploit crafted headers in .lzh attachments, potentially leading to arbitrary code execution due to a stack-based buffer overflow. Ensuring updates to affected versions is crucial to mitigate this risk.

References

http://www.ibm.com/support/docview.wss?uid=swg21500034

x_refsource_CONFIRM

http://www.securityfocus.com/bid/47962

vdb-entryx_refsource_BID

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

EPSS Score

81% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 31, 2011
Vulnerability Reserved
Mar 3, 2011