CVE-2022-44753
HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView
In short
HCL Notes has a buffer overflow flaw in a file viewer component that can be triggered by a specially crafted WordPerfect document. An attacker can crash the application or run malicious code without needing to log in.
Technical detail
Stack-based buffer overflow in wp6sr.dll (Micro Focus KeyView) within HCL Notes allows remote unauthenticated code execution or denial of service via malformed WordPerfect files. The vulnerability requires user interaction (opening a crafted file) but no authentication, resulting in critical impact to confidentiality, integrity, and availability.
Summary generated and translated by AI from the official description.
HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously licensed by IBM.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
HCL Software · NotesWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →