Ibm · Lotus 1-2-3 R3 For Unix · CVE-2022-39843
**Name of the Vulnerable Software and Affected Versions**
123elf Lotus 1-2-3 versions prior to 1.0.0rc3
Lotus 1-2-3 R3 for UNIX and other platforms versions prior to 9.8.2
**Description**
The issue allows attackers to execute arbitrary code via a crafted worksheet. This occurs because of a stack-based buffer overflow in the cell format processing routines, as demonstrated by a certain function call from `process fmt()` that can be reached via a `w3r format` element in a `wk3` document.
**Recommendations**
For 123elf Lotus 1-2-3 versions prior to 1.0.0rc3, update to version 1.0.0rc3 or later.
For Lotus 1-2-3 R3 for UNIX and other platforms versions prior to 9.8.2, update to version 9.8.2 or later.