
IBM Lotus Notes "cai" URI and iCal Remote Code Execution Vulnerabilities

Last Update Date: 8 Feb 2011 15:27

Release Date: 8 Feb 2011

RISK: High Risk

TYPE: Clients - Email Clients


Two vulnerabilities have been identified in IBM Lotus Notes, which could be exploited by remote attackers to compromise a vulnerable system.

1. An input validation error when processing "cai" URIs, which could allow attackers to execute arbitrary code.

2. A buffer overflow error related to iCal, which could be exploited by attackers to execute arbitrary code.


Impact

  • Remote Code Execution

System / Technologies affected

  • IBM Lotus Notes versions prior to 8.5.3
  • IBM Lotus Notes versions prior to 8.0.2 FP6
  • IBM Lotus Notes versions prior to 8.5.1 FP5
  • IBM Lotus Notes versions prior to 8.5.2

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Upgrade to IBM Lotus Notes version 8.5.3, 8.0.2 FP6, 8.5.1 FP5 or 8.5.2.

 


Vulnerability Identifier

  • No CVE information is available

Source


Related Link