CVE-2011-1213

IBM Lotus Notes < 8.5.2.2 - Remote Code Execution via Crafted LZH Attachment

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2011-1213. PoCs published by Metasploit, binaryhouse.net, including Metasploit module exploits/windows/lotus/lotusnotes_lzh.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in Lotus Notes 8.0.x to 8.5.2 FP2 via a malformed LZH attachment. It includes SEH and ROP-based payload delivery for both non-DEP and DEP-enabled targets.

Description

Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/17448

This Metasploit module exploits a stack buffer overflow in Lotus Notes 8.0.x to 8.5.2 FP2 via a malformed LZH attachment. It includes SEH and ROP-based payload delivery for both non-DEP and DEP-enabled targets.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Lotus Notes 8.0.x - 8.5.2 FP2
No auth needed
Prerequisites: SMTP access to send malicious email · Victim interaction to open the LZH attachment
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by binaryhouse.net · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/lotus/lotusnotes_lzh.rb

This Metasploit module exploits a stack buffer overflow in Lotus Notes 8.0.x to 8.5.2 FP2 via a malformed LZH file attachment. It includes SEH and ROP-based exploitation techniques to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Lotus Notes 8.0.x - 8.5.2 FP2
No auth needed
Prerequisites: Victim must open the malicious LZH attachment in Lotus Notes
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by binaryhouse.net · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/lotusnotes_lzh.rb

This Metasploit module exploits a stack buffer overflow in Lotus Notes 8.0.x to 8.5.2 FP2 via a malformed LZH file. It includes SEH and ROP-based payload delivery for both non-DEP and DEP-enabled targets.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Lotus Notes 8.0.x - 8.5.2 FP2
No auth needed
Prerequisites: Victim must open the malicious LZH file in Lotus Notes
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Various Sources x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21500034
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/47962
Third Party Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=904
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44624
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/67620
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14634
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8285

Scores

EPSS 0.3296
EPSS Percentile 98.1%

Details

CWE
CWE-189
Status published
Products (45)
ibm/lotus_notes 3.0
ibm/lotus_notes 3.0.0.1
ibm/lotus_notes 3.0.0.2
ibm/lotus_notes 4.2
ibm/lotus_notes 4.2.1
ibm/lotus_notes 4.2.2
ibm/lotus_notes 4.5
ibm/lotus_notes 4.6
ibm/lotus_notes 4.6.7a
ibm/lotus_notes 4.6.7h
... and 35 more
Published May 31, 2011
Tracked Since Feb 18, 2026