IBM_Lotus_Notes_WPD_Attachment_Viewer_Buffer_Overflow_attack

There exist a buffer overflow vulnerability in IBM Lotus Notes WPD viewer. The vulnerability is due to a boundary error while processing crafted WordPerfect (.wpd) files. A remote attacker could exploit this vulnerability by persuading a target user to open a malicious WPD file in Lotus email attachment. Successful exploitation of this vulnerability may allow arbitrary code injection and execution within the context of the logged in user. In an attack case where code injection is not successful, all instances of the vulnerable IBM Lotus Notes application will terminate. In a more sophisticated attack scenario where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user. The affected application would also most likely stop functioning as a result of such an attack.