Further security vulnerability in Lotus Notes file viewer
IBM has released an advisory regarding security vulnerabilities in the Lotus Notes file viewer for Lotus 1-2-3 documents. Like the vulnerabilities in Lotus Notes and Domino fixed by IBM only a month ago, the bug can again be traced back to the Verity KeyView SDK library.
In the file viewer module l123sr.dll used for viewing Lotus Notes worksheets (.wks), buffer overflows can occur, as the software fails to check length values given in the wks file before using these values for copying data into fixed length buffers. This can lead to execution of injected code.
Whilst the user does have to open the crafted file voluntarily, the worksheet viewer is still invoked if the file carries a fake file extension such as .jpg, so the vulnerability might be triggered unwittingly by a user opening an apparently irrelevant file. Both IBM and the discoverers of the vulnerability, Core Security, provide instructions for resolving the problem in their security advisories. Affected administrators can contact IBM to receive in advance an update scheduled to be included in the next Lotus Notes maintenance release. Alternatively, both companies include instructions for deactivating the file viewer.
- Lotus Notes buffer overflow in the Lotus WorkSheet file processor, security advisory from Core Security
- Buffer overflow vulnerability in Lotus Notes file viewer for Lotus 1-2-3 attachments, security advisory from IBM