CVE-2022-44755
HCL Notes is susceptible to a stack-based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView
In short
HCL Notes has a buffer overflow flaw in a file processing library that can be triggered by opening a specially crafted document. An attacker can use this to crash the application or run malicious code without needing to log in.
Technical detail
Stack-based buffer overflow in lasr.dll (Micro Focus KeyView) within HCL Notes allows remote unauthenticated attackers to achieve arbitrary code execution or denial of service by crafting malicious Lotus Ami Pro files. The vulnerability is triggered during file parsing without requiring authentication or user interaction beyond opening the file.
Summary generated and translated by AI from the official description.
HCL Notes is susceptible to a stack-based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. This vulnerability applies to software previously licensed by IBM.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
HCL Software · Notes