Buffer Overflow Vulnerability in IBM Lotus Notes Allows Remote Code Execution
CVE-2011-1218

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Notes; Keyview
Vendor: CVE Published:; 31 May 2011

Summary

A buffer overflow issue exists in the kvarcve.dll component of Autonomy KeyView, utilized by IBM Lotus Notes prior to version 8.5.2 FP3. This vulnerability enables attackers to exploit the flaw by sending specially crafted .zip attachments, potentially allowing them to execute arbitrary code on the affected system. It is essential for users of affected IBM Lotus Notes versions to apply the necessary updates to mitigate this risk.

References

http://www.ibm.com/support/docview.wss?uid=swg21500034

x_refsource_CONFIRM

http://www.securityfocus.com/bid/47962

vdb-entryx_refsource_BID

http://secunia.com/advisories/44624

third-party-advisoryx_refsource_SECUNIA

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 31, 2011
Vulnerability Reserved
Mar 3, 2011