PT-2013-4072 · IBM · IBM iNotes
Published: 2013-05-10 · Updated: 2017-08-29 · CVE-2013-2977
CVSS v2.0: 6.8 (Medium), vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
IBM Notes versions 8.5.x before 8.5.3 FP4 Interim Fix 1
IBM Notes versions 9.x before 9.0 Interim Fix 1 on Windows
IBM Notes versions 8.5.x before 8.5.3 FP5 on Linux
IBM Notes versions 9.x before 9.0.1 on Linux
Description
An integer overflow allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message.
Recommendations
For IBM Notes versions 8.5.x before 8.5.3 FP4 Interim Fix 1, update to 8.5.3 FP4 Interim Fix 1 or later.
For IBM Notes versions 9.x before 9.0 Interim Fix 1 on Windows, update to 9.0 Interim Fix 1 or later.
For IBM Notes versions 8.5.x before 8.5.3 FP5 on Linux, update to 8.5.3 FP5 or later.
For IBM Notes versions 9.x before 9.0.1 on Linux, update to 9.0.1 or later.
Fix
RCE
Affected Products
IBM iNotes