IBM Lotus Notes File Viewer for Excel Code Execution Vulnerability
RISK: Medium Risk
A vulnerability has been identified in IBM Lotus Notes, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a buffer overflow error in the File Viewer for Excel (xlssr.dll) when processing a malformed XLS document, which could be exploited by attackers to crash an affected application or execute arbitrary code by tricking a user into double-clicking a specially crafted attachment and selecting "View".
Impact
- Remote Code Execution
System / Technologies affected
- IBM Lotus Notes versions 8.5.x
- IBM Lotus Notes versions 8.0x
- IBM Lotus Notes versions 7.x
- IBM Lotus Notes versions 6.x
- IBM Lotus Notes versions 5.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Obtain the patch from IBM support:
http://www.ibm.com/software/support/probsub.htmlOr disable the affected viewer "xlssr.dll" :
http://www-01.ibm.com/support/docview.wss?uid=swg21396492
Vulnerability Identifier
Source
Related Link
Share with