Skip to main content

IBM Lotus Notes "cai" URI and iCal Remote Code Execution Vulnerabilities

Last Update Date: 8 Feb 2011 15:27 Release Date: 8 Feb 2011 6357 Views

RISK: High Risk

TYPE: Clients - Email Clients

TYPE: Email Clients

Two vulnerabilities have been identified in IBM Lotus Notes, which could be exploited by remote attackers to compromise a vulnerable system.

 

1. An input validation error when processing "cai" URIs, which could allow attackers to execute arbitrary code.

 

2. A buffer overflow error related to iCal, which could be exploited by attackers to execute arbitrary code.


Impact

  • Remote Code Execution

System / Technologies affected

  • IBM Lotus Notes versions prior to 8.5.3
  • IBM Lotus Notes versions prior to 8.0.2 FP6
  • IBM Lotus Notes versions prior to 8.5.1 FP5
  • IBM Lotus Notes versions prior to 8.5.2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

 

  • Upgrade to IBM Lotus Notes version 8.5.3, 8.0.2 FP6, 8.5.1 FP5 or 8.5.2.

 


Vulnerability Identifier

  • No CVE information is available

Source


Related Link