IBM_Lotus_Notes_WPD_Attachment_Handling_Buffer_Overflow_attack

A stack-based buffer overflow vulnerability exists in the IBM Lotus Notes WPD. The vulnerability is due to a boundary-check error when processing Corel WordPerfect (WPD) files. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted Corel WordPerfect file to the target users, potentially causing arbitrary code to be injected and executed on the target system in the security context of the current user. In an attack case where code injection is not successful, the instance of the vulnerable IBM Lotus Notes application will terminate abnormally. In a more sophisticated attack scenario where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.