Zero Day Initiative Advisory 10-158 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes Email Client. User interaction is required to exploit this vulnerability in that the target must open a malicious email attachment. The specific flaw exists within the Lotus Notes file viewer utilizing the KeyView SDK to render a malformed .wk3 document. The application will mistrust a length used to allocate a buffer. Later, the application will use a differently calculated length in a copy used to initialize that buffer. This leads to a buffer overflow and can lead to code execution under the context of the application.
aa87f560104a2a07040f49eb78c2fb02bb94b9f1b12d0051ae242816f00c2219