CVE-2013-2977
IBM Notes 8.5.x-8.5.3 FP4 and 9.x - Remote Code Execution via Malformed PNG Image
Title source: manualExploitation Summary
EIP tracks 1 public exploit for CVE-2013-2977. PoCs published by defrancescojp.
AI-analyzed exploit summary This PoC exploits an integer overflow in IBM Lotus Notes' PNG parsing to achieve arbitrary code execution via a maliciously crafted email. The exploit constructs a malicious PNG file with controlled dimensions to trigger a heap overflow.
Description
Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message, aka SPR NPEI96K82Q.
Exploits (1)
This PoC exploits an integer overflow in IBM Lotus Notes' PNG parsing to achieve arbitrary code execution via a maliciously crafted email. The exploit constructs a malicious PNG file with controlled dimensions to trigger a heap overflow.