IBM Lotus Notes Memory Corruption Errors in Various File Readers Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1024261 |
|
SecurityTracker URL: http://securitytracker.com/id?1024261
|
|
CVE Reference:
CVE-2009-3032, CVE-2010-0126, CVE-2010-0131, CVE-2010-0133, CVE-2010-0135, CVE-2010-1524, CVE-2010-1525
(Links to External Site)
|
Date: Jul 29 2010
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 8.5.2
|
Description:
Several vulnerabilities were reported in IBM Lotus Notes. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
The Lotus 1-2-3 Spreadsheet file reader (wkssr.dll) is affected [CVE-2010-0131, CVE-2010-0133, CVE-2010-1525, CVE-2010-1524]. IBM has assigned SPRs PRAD83F4CU, PRAD83M2UM, and PRAD83ML59 to these vulnerabilities. Carsten Eiram of Secunia Research reported these vulnerabilities.
The Microsoft Office Spreadsheet reader (wkssr.dll) is affected. IBM has assigned SPRs PRAD8225G4 and PRAD8225K3 to these vulnerabilities. TippingPoint's Zero Day Initiative reported these vulnerabilities.
The Microsoft Office Word reader (kpmsordr.dll) is affected. IBM has assigned SPR PRAD8225BX to this vulnerability. TippingPoint's Zero Day Initiative reported this vulnerability.
The Microsoft Word 2.0 reader (mwsr.dll) is affected. IBM has assigned SPR PRAD82255P to this vulnerability. TippingPoint's Zero Day Initiative reported this vulnerability.
The OLE document reader (kvolefio.dll) is affected [CVE-2009-3032]. IBM has assigned SPR PRAD7WK4NV to this vulnerability. iDefense reported this vulnerability.
The QuattroPro speed reader (qpssr.dll) is affected [CVE-2010-0126]. IBM has assigned SPR PRAD837LDA to this vulnerability. Carsten Eiram of Secunia Research reported this vulnerability.
The WordPerfect 5 reader (wosr.dll) is affected [CVE-2010-0135]. IBM has assigned SPR PRAD83M367 to this vulnerability. Carsten Eiram of Secunia Research reported this vulnerability.
|
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
The vendor has issued a fix (8.5.2; see patch matrix in vendor's advisory for additional fixed versions).
The vendor's advisory is available at:
http://www-01.ibm.com/support/docview.wss?uid=swg21440812
|
Vendor URL: www-01.ibm.com/support/docview.wss?uid=swg21440812 (Links to External Site)
|
Cause:
Access control error, Boundary error
|
Underlying OS:
Linux (Any), UNIX (OS X), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 29 Jul 2010 03:12:48 +0000
Subject: IBM Lotus Notes
|
http://www-01.ibm.com/support/docview.wss?uid=swg21440812
Lotus 1-2-3 Spreadsheet (wkssr.dll)
CVE-2010-0131 SPR PRAD83F4CU
CVE-2010-0133 & CVE-2010-1525 SPR PRAD83M2UM
CVE-2010-1524 SPR PRAD83ML59
Microsoft Office Spreadsheet (wkssr.dll)
SPR PRAD8225G4
SPR PRAD8225K3
Microsoft Office Word (kpmsordr.dll)
SPR PRAD8225BX
Microsoft Word 2.0 (mwsr.dll)
SPR PRAD82255P
OLE document (kvolefio.dll)
CVE-2009-3032 SPR PRAD7WK4NV
QuattroPro speed reader (qpssr.dll)
CVE-2010-0126 SPR PRAD837LDA
WordPerfect 5 (wosr.dll)
CVE-2010-0135 SPR PRAD83M367
|
|
