CVE-2011-1512

Name of the Vulnerable Software and Affected Versions IBM Lotus Notes versions prior to 8.5.2 FP3

Description The issue is related to a heap-based buffer overflow in the xlssr.dll component of Autonomy KeyView, used in IBM Lotus Notes. This can be exploited by remote attackers through a malformed BIFF record in a .xls Excel spreadsheet attachment, potentially allowing the execution of arbitrary code.

Recommendations For versions prior to 8.5.2 FP3, update to version 8.5.2 FP3 or later to resolve the issue. As a temporary workaround, consider restricting the handling of .xls attachments in IBM Lotus Notes until the update is applied.