Secunia Research has discovered a vulnerability in Lotus Notes, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in kvarcve.dll when constructing the full pathname of a compressed file to check for its existence before extracting it from a ZIP archive. This can be exploited to cause a stack-based buffer overflow. Successful exploitation allows execution of arbitrary code when the user extracts a compressed file with a long filename from within the Notes attachment viewer. Affected versions is Lotus Notes 6.5.4.
29ad1e0fb254d307e5c210c27de6309dbcbeec3d980b62f37a53ae596b9a9d23
Secunia Research has discovered a vulnerability in Lotus Notes, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in uudrdr.dll when handling an UUE file containing an encoded file with an overly long filename. This can be exploited to cause a stack-based buffer overflow. Successful exploitation allows execution of arbitrary code when a malicious UUE file is opened in the Notes attachment viewer. Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.
a512a74bf2eb5426a6ef1b0505c9c30d26592de02c1368592f882f68346bf269
Secunia Research has discovered a vulnerability in Lotus Notes, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the TAR reader (tarrdr.dll) when extracting files from a TAR archive. This can be exploited to cause a stack-based buffer overflow via a TAR archive containing a file with a long filename. Successful exploitation allows execution of arbitrary code, but requires that the user views a malicious TAR archive and chooses to extracts a compressed file to a directory with a very long path (more than 220 bytes). Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.
6005828ac70516cca59ccdd67b173d13de808ad823e9db5ee755b74356259601
Secunia Research has discovered two boundary condition vulnerabilities in Lotus Notes, which can be exploited by malicious people to compromise a user's system. Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.
29f10a8be4d832d76d5eb82cfe358a7b3f93f0c6b5d02a8a2ab7c319b4d1c85b