PT-2022-25032 · IBM · Lotus 1-2-3 R3 For Unix
Dbastone · Published 2022-09-05 · Updated 2022-09-09
CVE-2022-39843
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
123elf Lotus 1-2-3 versions prior to 1.0.0rc3
Lotus 1-2-3 R3 for UNIX and other platforms versions prior to 9.8.2
Description
The issue allows attackers to execute arbitrary code via a crafted worksheet. This occurs because of a stack-based buffer overflow in the cell format processing routines, as demonstrated by a certain function call from process_fmt() that can be reached via a w3r_format element in a wk3 document.
Recommendations
For 123elf Lotus 1-2-3 versions prior to 1.0.0rc3, update to version 1.0.0rc3 or later.
For Lotus 1-2-3 R3 for UNIX and other platforms versions prior to 9.8.2, update to version 9.8.2 or later.
Exploit
Fix
Memory Corruption
Affected Products
Lotus 1-2-3 R3 For Unix