Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.
Published 2011-05-31 20:55:02
Updated 2017-09-19 01:32:27
Source MITRE
Vulnerability category: Overflow, Execute code

Exploit prediction scoring system (EPSS) score for CVE-2011-1213

EPSS score: 91.51% (probability of exploitation activity in the next 30 days)
Percentile: ~99% (the proportion of vulnerabilities that are scored at or less)

Metasploit modules for CVE-2011-1213

  • Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview (.lzh Attachment)
    Disclosure Date: 2011-05-24
    First seen: 2020-04-26
    exploit/windows/fileformat/lotusnotes_lzh
    This module exploits a stack buffer overflow in Lotus Notes 8.5.2 when parsing a malformed, specially crafted LZH file. This vulnerability was discovered by binaryhouse.net.
    Authors: binaryhouse.net, alino <26alino@gmail.com>
  • Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview (.lzh Attachment)
    Disclosure Date: 2011-05-24
    First seen: 2020-04-26
    exploit/windows/lotus/lotusnotes_lzh
    This module exploits a stack buffer overflow in Lotus Notes 8.5.2 when parsing a malformed, specially crafted LZH file. This vulnerability was discovered by binaryhouse.net.
    Authors: binaryhouse.net, alino <26alino@gmail.com>

CVSS scores for CVE-2011-1213

Base Score: 9.3
Base Severity: HIGH
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability Score: 8.6
Impact Score: 10.0
Score Source: NIST

CWE ids for CVE-2011-1213

  • Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-1213

Products affected by CVE-2011-1213
