Published: 31/05/2011 Updated: 19/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes prior to 8.5.2 FP3, allows remote malicious users to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm lotus notes 7.0.0
ibm lotus notes 7.0
ibm lotus notes 6.5.1
ibm lotus notes 6.5
ibm lotus notes 6.0.2
ibm lotus notes 6.0.1
ibm lotus notes 5.0.7
ibm lotus notes 5.0.6a.01
ibm lotus notes 5.0.4a
ibm lotus notes 5.0.3
ibm lotus notes 8.0.1
ibm lotus notes 8.0.0
ibm lotus notes 7.0.4
ibm lotus notes 6.5.6
ibm lotus notes 8.0
ibm lotus notes 7.0.3
ibm lotus notes 6.5.5
ibm lotus notes 6.5.4
ibm lotus notes 6.0
ibm lotus notes 6.0.5
ibm lotus notes 6.0.4
ibm lotus notes 5.0.9a
ibm lotus notes 5.0.9
ibm lotus notes 5.0.5
ibm lotus notes 5.0.5.02
ibm lotus notes 5.0.2a
ibm lotus notes 5.0.1
ibm lotus notes 5.0.10
ibm lotus notes 5.0.11
ibm lotus notes 4.2
ibm lotus notes 4.6.7a
ibm lotus notes 8.5.1.4
ibm lotus notes 8.5.1.3
ibm lotus notes 8.5
ibm lotus notes 8.0.2.6
ibm lotus notes 8.0.2
ibm lotus notes 7.0.2.1
ibm lotus notes 6.5.6.1
ibm lotus notes 6.5.6.2
ibm lotus notes 6.5.4.3
ibm lotus notes 6.5.3.1
ibm lotus notes 5.0.1b
ibm lotus notes 5.0.1a
ibm lotus notes 4.5
ibm lotus notes 4.6
ibm lotus notes 3.0.0.1
ibm lotus notes 3.0
ibm lotus notes 8.5.2.1
ibm lotus notes 8.5.1.0
ibm lotus notes 8.5.1
ibm lotus notes 8.0.2.3
ibm lotus notes 8.0.2.2
ibm lotus notes 7.0.3.1
ibm lotus notes 7.0.4.1
ibm lotus notes 7.0.4.2
ibm lotus notes 6.5.5.1
ibm lotus notes 6.5.5.2
ibm lotus notes 5.0.6
ibm lotus notes 5.0.6a
ibm lotus notes 5.0.2
ibm lotus notes 5.0.2c
ibm lotus notes 5.0.2b
ibm lotus notes 5.0a
ibm lotus notes 5.0
ibm lotus notes 4.2.2
ibm lotus notes 4.2.1
ibm lotus notes 8.5.2.0
ibm lotus notes 8.5.1.5
ibm lotus notes 8.5.0.1
ibm lotus notes 8.5.0.0
ibm lotus notes 8.0.2.1
ibm lotus notes 8.0.2.0
ibm lotus notes 7.0.1.1
ibm lotus notes 7.0.4.0
ibm lotus notes 6.5.4.1
ibm lotus notes 6.5.4.2
ibm lotus notes 7.0.2
ibm lotus notes 7.0.1
ibm lotus notes 6.5.3
ibm lotus notes 6.5.2
ibm lotus notes 6.0.3
ibm lotus notes 5.0.8
ibm lotus notes 5.0.7a
ibm lotus notes 5.0.5.01
ibm lotus notes 5.0.4
ibm lotus notes 5.0.1.02
ibm lotus notes 5.0.1c
ibm lotus notes 5.0.12
ibm lotus notes 5.02
ibm lotus notes 4.6.7h
ibm lotus notes 3.0.0.2
ibm lotus notes 8.5.1.2
ibm lotus notes 8.5.1.1
ibm lotus notes 8.0.2.5
ibm lotus notes 8.0.2.4
ibm lotus notes 7.0.2.2
ibm lotus notes 7.0.2.3
ibm lotus notes 6.5.6.3
ibm lotus notes 6.5.5.3
ibm lotus notes 6.0.2.2
ibm lotus notes

## # $Id: lotusnotes_lzhrb 13015 2011-06-23 15:43:54Z bannedit $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' cla ...

CWE-189 http://www.ibm.com/support/docview.wss?uid=swg21500034 http://www.securityfocus.com/bid/47962 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=904 http://secunia.com/advisories/44624 http://securityreason.com/securityalert/8285 https://exchange.xforce.ibmcloud.com/vulnerabilities/67620 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14634 https://nvd.nist.gov https://www.exploit-db.com/exploits/17448/

Get Started

CVE-2011-1213

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect