Full-Disclosure had an interesting note about IBM's Lotus Notes and a new buffer overflow. The vulnerability is due to a third party dll, DUNZIP32.dll. IBM has issued a patch for versions 6, and 7 Users using version 5 are advised not to open zip files within lotus notes. This exploit does allow an attacker to execute arbitrary code should you open an infected zip file.
Many other software packages using old versions of DUNZIP32.dll are affected by this exploit. |
Michael 18 Posts Sep 6th 2006 |
Thread locked Subscribe |
Sep 6th 2006 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!