CVE-2013-2977 PoC — IBM Lotus Notes 整数溢出漏洞

Source

https://github.com/defrancescojp/CVE-2013-2977

Associated Vulnerability

Title:IBM Lotus Notes 整数溢出漏洞 (CVE-2013-2977)
Description:Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message, aka SPR NPEI96K82Q.

Description

IBM Lotus Notes PNG Integer Overflow

Readme

IBM Lotus Notes PNG Integer Overflow - CVE-2013-2977
====================================================

IBM Lotus Notes is the client of a collaborative client-server plataform, being IBM Lotus Domino the application server. The email-client capability is one of its most important and used features. IBM Lotus Notes fails to correctly parse a PNG image file embedded in an email. Arbitrary code execution is proved possible after a malicious email is opened or just previewed.


Summary
=======
* Title: IBM Lotus Notes PNG Integer Overflow
* CVE ID: CVE-2013-2977
* Permalink: http://blog.binamuse.com/2013/05/lotus-notes-cve-2013-2977.html
* Advisory Published: 2013-05-16
* Class: Client Side / Remote by mail

File Snapshot


 [4.0K]  /data/pocs/ec0e5a60cedb5e48d1647c74657340579cea34ac
├── [ 15K]  IBMNotesPNGExploit.py
├── [163K]  NOTESReport.pdf
├── [ 18K]  poc.eml
└── [ 718]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!