Lotus Notes XLS viewer malformed BIFF record heap overflow Vulnerability

Summary

A memory corruption vulnerability can be triggered when a Lotus Notes client parses a .XLS file with a specially crafted BIFF record.

Credit:

The information has been provided by Pablo Santamaria, Oren Isacson and Nadia Rodriguez.
The original article can be found at: http://www.coresecurity.com/content/LotusNotes-XLS-viewer-heap-overflow


Details

Vulnerable Systems:
 * IBM Lotus Notes 8.5.2
 * IBM Lotus Notes 8.5.1
 * IBM Lotus Notes 8.0.x
 * IBM Lotus Notes 7.x
 * IBM Lotus Notes 6.x
 * IBM Lotus Notes 5.x

Immune Systems:
 * Lotus Notes 8.5.2 Fix Pack 2 [Interim Fix 1]
 * Lotus Notes 8.5.2 Fix Pack 3
 * Lotus Notes 8.5.3

A memory corruption vulnerability in the Lotus Notes client application can be leveraged to execute arbitrary code on vulnerable systems by enticing users to open specially crafted spreadsheet files with the .XLS extension. The vulnerability arises from improper parsing of a BIFF record. This vulnerability could be used by a remote attacker to execute arbitrary code with the privileges of the user who opened the malicious file.

Patch Availability:
IBM has issued a security alert describing fixes and workarounds for this vulnerability.
The technical note is available at:
https://www-304.ibm.com/support/docview.wss?uid=swg21500034

Workaround:
As a workaround, disable the viewer as described in the ‘Options to disable viewers within Lotus Notes’ section of the IBM technical note.

Disclosure Timeline:
Date published: 2011-05-24
Date of last update: 2011-05-24
