CVE-2011-1213

Name of the Vulnerable Software and Affected Versions IBM Lotus Notes versions prior to 8.5.2 FP3

Description The issue is related to an integer underflow in the lzhsr.dll component of Autonomy KeyView, used in IBM Lotus Notes. This can be exploited by remote attackers via a crafted header in a .lzh attachment, leading to a stack-based buffer overflow and potentially allowing the execution of arbitrary code.

Recommendations For versions prior to 8.5.2 FP3, update to version 8.5.2 FP3 or later to resolve the issue. As a temporary workaround, consider restricting the handling of .lzh attachments to minimize the risk of exploitation.