CVE-2011-1216

IBM Lotus Notes < 8.5.2.2 - Remote Code Execution via Crafted Applix Spreadsheet Tag

Title source: llm
STIX 2.1

Description

Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7.

References (6)

Core 6
Core References
Various Sources x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21500034
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/47962
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44624
Third Party Advisory third-party-advisory x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=907
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/67623
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13796

Scores

EPSS 0.0554
EPSS Percentile 91.9%

Details

CWE
CWE-119
Status published
Products (45)
ibm/lotus_notes 3.0
ibm/lotus_notes 3.0.0.1
ibm/lotus_notes 3.0.0.2
ibm/lotus_notes 4.2
ibm/lotus_notes 4.2.1
ibm/lotus_notes 4.2.2
ibm/lotus_notes 4.5
ibm/lotus_notes 4.6
ibm/lotus_notes 4.6.7a
ibm/lotus_notes 4.6.7h
... and 35 more
Published May 31, 2011
Tracked Since Feb 18, 2026