CVE-2011-1213 : Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes b

Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.

Published 2011-05-31 20:55:02

Updated 2017-09-19 01:32:27

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2011-1213

IBM » Lotus Notes
Versions up to, including, (<=) 8.5.2.2
cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 4.5
cpe:2.3:a:ibm:lotus_notes:4.5:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.1
cpe:2.3:a:ibm:lotus_notes:5.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.2
cpe:2.3:a:ibm:lotus_notes:5.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0
cpe:2.3:a:ibm:lotus_notes:5.0:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.3
cpe:2.3:a:ibm:lotus_notes:5.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.4
cpe:2.3:a:ibm:lotus_notes:5.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 4.6
cpe:2.3:a:ibm:lotus_notes:4.6:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.10
cpe:2.3:a:ibm:lotus_notes:5.0.10:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.11
cpe:2.3:a:ibm:lotus_notes:5.0.11:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.5
cpe:2.3:a:ibm:lotus_notes:5.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.9a
cpe:2.3:a:ibm:lotus_notes:5.0.9a:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.0.3
cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5
cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.1
cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.0
cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.0.1
cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.0.2
cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.0.5
cpe:2.3:a:ibm:lotus_notes:6.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.2
cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.0.4
cpe:2.3:a:ibm:lotus_notes:6.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.3
cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.4
cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.5
cpe:2.3:a:ibm:lotus_notes:6.5.5:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0.0
cpe:2.3:a:ibm:lotus_notes:7.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0.1
cpe:2.3:a:ibm:lotus_notes:7.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0
cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.12
cpe:2.3:a:ibm:lotus_notes:5.0.12:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0.2
cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0.3
cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.0
cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.0.1
cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.0.0
cpe:2.3:a:ibm:lotus_notes:8.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.6
cpe:2.3:a:ibm:lotus_notes:6.5.6:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.5
cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.02
cpe:2.3:a:ibm:lotus_notes:5.02:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.6
cpe:2.3:a:ibm:lotus_notes:5.0.6:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.5.1
cpe:2.3:a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.5.1.1
cpe:2.3:a:ibm:lotus_notes:8.5.1.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.0.2.5
cpe:2.3:a:ibm:lotus_notes:8.0.2.5:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.0.2.3
cpe:2.3:a:ibm:lotus_notes:8.0.2.3:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.0.2.4
cpe:2.3:a:ibm:lotus_notes:8.0.2.4:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.0.2
cpe:2.3:a:ibm:lotus_notes:8.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.0.2.0
cpe:2.3:a:ibm:lotus_notes:8.0.2.0:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.0.2.1
cpe:2.3:a:ibm:lotus_notes:8.0.2.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.0.2.2
cpe:2.3:a:ibm:lotus_notes:8.0.2.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.5.1.3
cpe:2.3:a:ibm:lotus_notes:8.5.1.3:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.5.1.4
cpe:2.3:a:ibm:lotus_notes:8.5.1.4:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.5.0.0
cpe:2.3:a:ibm:lotus_notes:8.5.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.5.0.1
cpe:2.3:a:ibm:lotus_notes:8.5.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.5.1.0
cpe:2.3:a:ibm:lotus_notes:8.5.1.0:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.5.1.2
cpe:2.3:a:ibm:lotus_notes:8.5.1.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.0.2 Update CF1
cpe:2.3:a:ibm:lotus_notes:6.0.2:cf1:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.0.1 Update CF3
cpe:2.3:a:ibm:lotus_notes:6.0.1:cf3:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.7
cpe:2.3:a:ibm:lotus_notes:5.0.7:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.6a.01
cpe:2.3:a:ibm:lotus_notes:5.0.6a.01:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.4a
cpe:2.3:a:ibm:lotus_notes:5.0.4a:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0.4
cpe:2.3:a:ibm:lotus_notes:7.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.0.1 Update CF2
cpe:2.3:a:ibm:lotus_notes:6.0.1:cf2:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.9
cpe:2.3:a:ibm:lotus_notes:5.0.9:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.5.02
cpe:2.3:a:ibm:lotus_notes:5.0.5.02:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.2a
cpe:2.3:a:ibm:lotus_notes:5.0.2a:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 4.2
cpe:2.3:a:ibm:lotus_notes:4.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 4.6.7a
cpe:2.3:a:ibm:lotus_notes:4.6.7a:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.0.2.6
cpe:2.3:a:ibm:lotus_notes:8.0.2.6:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0.2.1
cpe:2.3:a:ibm:lotus_notes:7.0.2.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.6.1
cpe:2.3:a:ibm:lotus_notes:6.5.6.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.6.2
cpe:2.3:a:ibm:lotus_notes:6.5.6.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.4.3
cpe:2.3:a:ibm:lotus_notes:6.5.4.3:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.3.1
cpe:2.3:a:ibm:lotus_notes:6.5.3.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.1b
cpe:2.3:a:ibm:lotus_notes:5.0.1b:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.1a
cpe:2.3:a:ibm:lotus_notes:5.0.1a:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 3.0.0.1
cpe:2.3:a:ibm:lotus_notes:3.0.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 3.0
cpe:2.3:a:ibm:lotus_notes:3.0:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.5.2.1
cpe:2.3:a:ibm:lotus_notes:8.5.2.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0.3.1
cpe:2.3:a:ibm:lotus_notes:7.0.3.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0.4.1
cpe:2.3:a:ibm:lotus_notes:7.0.4.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0.4.2
cpe:2.3:a:ibm:lotus_notes:7.0.4.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.5.1
cpe:2.3:a:ibm:lotus_notes:6.5.5.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.5.2
cpe:2.3:a:ibm:lotus_notes:6.5.5.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.0.1 Update CF1
cpe:2.3:a:ibm:lotus_notes:6.0.1:cf1:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.6a
cpe:2.3:a:ibm:lotus_notes:5.0.6a:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.2c
cpe:2.3:a:ibm:lotus_notes:5.0.2c:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.2b
cpe:2.3:a:ibm:lotus_notes:5.0.2b:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0a
cpe:2.3:a:ibm:lotus_notes:5.0a:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 4.2.2
cpe:2.3:a:ibm:lotus_notes:4.2.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 4.2.1
cpe:2.3:a:ibm:lotus_notes:4.2.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.5.2.0
cpe:2.3:a:ibm:lotus_notes:8.5.2.0:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.5.1.5
cpe:2.3:a:ibm:lotus_notes:8.5.1.5:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0.1.1
cpe:2.3:a:ibm:lotus_notes:7.0.1.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0.4.0
cpe:2.3:a:ibm:lotus_notes:7.0.4.0:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.4.1
cpe:2.3:a:ibm:lotus_notes:6.5.4.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.4.2
cpe:2.3:a:ibm:lotus_notes:6.5.4.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.0.2 Update CF2
cpe:2.3:a:ibm:lotus_notes:6.0.2:cf2:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.8
cpe:2.3:a:ibm:lotus_notes:5.0.8:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.7a
cpe:2.3:a:ibm:lotus_notes:5.0.7a:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.5.01
cpe:2.3:a:ibm:lotus_notes:5.0.5.01:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.1.02
cpe:2.3:a:ibm:lotus_notes:5.0.1.02:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.1c
cpe:2.3:a:ibm:lotus_notes:5.0.1c:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 4.6.7h
cpe:2.3:a:ibm:lotus_notes:4.6.7h:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 3.0.0.2
cpe:2.3:a:ibm:lotus_notes:3.0.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0.2.2
cpe:2.3:a:ibm:lotus_notes:7.0.2.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0.2.3
cpe:2.3:a:ibm:lotus_notes:7.0.2.3:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.6.3
cpe:2.3:a:ibm:lotus_notes:6.5.6.3:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.5.3
cpe:2.3:a:ibm:lotus_notes:6.5.5.3:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.0.2.2
cpe:2.3:a:ibm:lotus_notes:6.0.2.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-1213

EPSS FAQ

81.77%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2011-1213

Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview (.lzh Attachment)

Disclosure Date: 2011-05-24

First seen: 2020-04-26

exploit/windows/fileformat/lotusnotes_lzh

This module exploits a stack buffer overflow in Lotus Notes 8.5.2 when parsing a malformed, specially crafted LZH file. This vulnerability was discovered binaryhouse.net Authors: - binaryhouse.net - alino <26alino@gmail.com>

More information
Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview (.lzh Attachment)

Disclosure Date: 2011-05-24

First seen: 2020-04-26

exploit/windows/lotus/lotusnotes_lzh

This module exploits a stack buffer overflow in Lotus Notes 8.5.2 when parsing a malformed, specially crafted LZH file. This vulnerability was discovered binaryhouse.net Authors: - binaryhouse.net - alino <26alino@gmail.com>

More information

CVSS scores for CVE-2011-1213

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2011-1213

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-1213

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14634

Repository / Oval Repository
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=904
http://securityreason.com/securityalert/8285

Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview (.lzh attachment) - CXSecurity.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/67620

IBM Lotus Notes lzhsr.dll buffer overflow CVE-2011-1213 Vulnerability Report
http://www.securityfocus.com/bid/47962

RETIRED: IBM Lotus Notes Attachment Handling Multiple Buffer Overflow Vulnerabilities

CVEs referencing this url
http://www.ibm.com/support/docview.wss?uid=swg21500034

IBM notice: The page you requested cannot be displayed

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2011-1213