what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

123elf Project Buffer Overflow

123elf Project Buffer Overflow
Posted Sep 6, 2022
Authored by Tavis Ormandy

A stack buffer overflow was reported in the cell format processing routines for 123elf, a project that brings Lotus 1-2-3 to Linux. If a victim opens an untrusted malicious worksheet, code execution could occur.

tags | advisory, overflow, code execution
systems | linux
SHA-256 | 5476d681c79c06b3da58fefb626a51d12aa1fe3643baa4e0015d28e482653efb

123elf Project Buffer Overflow

Change Mirror Download
# About

The 123 command is a spreadsheet application for UNIX-based systems that
can be used in interactive mode to create and modify financial and
scientific models.

For more information, see https://123r3.net

# Advisory

A stack buffer overflow was reported in the cell format processing
routines. If a victim opens an untrusted malicious worksheet, code
execution could occur.

There have been no reports of this vulnerability being exploited in the wild.

We take your security very seriously, in fact, this is the first known
vulnerability reported in Lotus 1-2-3 R3 since it's release in September
1990.

# Credit

This issue was reported to the 123elf project by dbastone.

# Solution

A new release has been prepared to resolve this issue, we recommend
affected users upgrade immediately.

https://github.com/taviso/123elf/

Lotus 1-2-3 releases for other platforms are affected, but are not
actively maintained. MS-DOS, OS/2, OpenVMS, z/OS and SysV/386 users are
advised to migrate to Linux to continue receiving updates.

--
_o) $ lynx lock.cmpxchg8b.com
/\\ _o) _o) $ finger taviso@sdf.org
_\_V _( ) _( ) @taviso


Login or Register to add favorites

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close