Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1213

CWE-189 | 4 documents | 4 sources
Severity
9.3 CRITICAL
EPSS
74.6%
top 1.15%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: May 31
Latest update: May 17

Description

Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages | 1 package

NVD | ibm/lotus_notes | 8.5.2.2+100

🔴Vulnerability Details

2
GHSA
GHSA-hjxm-p5wf-9v7p: Integer underflow in lzhsr | 2022-05-17
CVEList
CVE-2011-1213: Integer underflow in lzhsr | 2011-05-31

💥Exploits & PoCs

1
Exploit-DB
Lotus Notes 8.0.x < 8.5.2 FP2 - Autonomy Keyview ('.lzh' Attachment) (Metasploit) | 2011-06-23