CVE-2013-2977 PoC — IBM Lotus Notes 整数溢出漏洞

Source

https://github.com/lagartojuancho/CVE-2013-2977

Associated Vulnerability

Title:IBM Lotus Notes 整数溢出漏洞 (CVE-2013-2977)
Description:IBM Lotus Notes是美国IBM公司的一个协同办公平台，包含电子邮件、日历、日程安排和业务应用的整合，具有完善的数据库技术、工作流控制和可靠的安全机制。基于Windows平台上的8.5.3 FP4 Interim Fix 1之前的8.5.x版本和9.0 Interim Fix 1之前的9.x版本，基于Linux平台上的8.5.3 FP5之前的8.5.x版本和9.0.1之前的版本9.x中的IBM Notes中存在整数溢出漏洞。远程攻击者可以利用该漏洞在电子邮件中构造一个畸形的PNG图像，在Not

Description

IBM Lotus Notes PNG Integer Overflow

Readme

IBM Lotus Notes PNG Integer Overflow - CVE-2013-2977
====================================================

IBM Lotus Notes is the client of a collaborative client-server plataform, being IBM Lotus Domino the application server. The email-client capability is one of its most important and used features. IBM Lotus Notes fails to correctly parse a PNG image file embedded in an email. Arbitrary code execution is proved possible after a malicious email is opened or just previewed.


Summary
=======
* Title: IBM Lotus Notes PNG Integer Overflow
* CVE ID: CVE-2013-2977
* Permalink: http://blog.binamuse.com/2013/05/lotus-notes-cve-2013-2977.html
* Advisory Published: 2013-05-16
* Class: Client Side / Remote by mail

File Snapshot


 [4.0K]  /data/pocs/9a8cf877c133db325f97d6b4bf9346ce205eef34
├── [ 15K]  IBMNotesPNGExploit.py
├── [163K]  NOTESReport.pdf
├── [ 18K]  poc.eml
└── [ 718]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!