Core Security has put out a new advisory concerning a buffer overflow in Lotus Notes. Both remotely and locally exploitable.
Core lists the vulnerable software pieces as:
- Lotus Notes version 7.x
- Lotus Notes version 8.x (not confirmed by Core)
- Lotus Notes version 6.5.6 (not confirmed by Core)
- Other software packages using Verity KeyView SDK using vulnerable
versions of l123sr.dll
Although it's prudent to keep in mind that as of now 8.x and 6.5.6 are NOT confirmed by Core (as in their advisory, and the cut and paste above).
Cut and Paste from Core's Advisory:
Lotus Notes customers should follow the instructions of the following
support Technote, which outlines the available options based on specific
versions of Lotus Notes:
http://www.ibm.com/support/docview.w...id=swg21285600
Workaround 1: Delete the keyview.ini file in the Notes program directory.
This disables ALL viewers. When a user clicks View (for any file), a
dialog box will display with the message Unable to locate the viewer
configuration file..
Workaround 2: Delete the problem file l123sr.dll file. When a user tries
to view the specific file type, a dialog box will display with the message
The viewer display window could not be initialized.). When a user tries to view the specific file type, a dialog
box will display with the message The viewer display window could not be
initialized81.2.0.9.0=l123sr.dll
Workaround 4: Filter inbound emails with attachments with potentially
malicious files. Lotus 1-2-3 files are usually associated to MIME
Content-Type headers set to the following strings:
application/lotus-1-2-3
application/lotus123
application/x-lotus123
application/wks
application/x-wks
application/vnd.lotus-1-2-3
Note however that workaround #4 is a simply stop gap measure that could be
circumvented by relatively unsophisticated attackers.
Joel Esler
http://www.joelesler.net
More...
Breakout Champion!
Linear Mode
