Headline
123elf Project Buffer Overflow
A stack buffer overflow was reported in the cell format processing routines for 123elf, a project that brings Lotus 1-2-3 to Linux. If a victim opens an untrusted malicious worksheet, code execution could occur.
# AboutThe 123 command is a spreadsheet application for UNIX-based systems thatcan be used in interactive mode to create and modify financial andscientific models.For more information, see https://123r3.net# AdvisoryA stack buffer overflow was reported in the cell format processingroutines. If a victim opens an untrusted malicious worksheet, codeexecution could occur.There have been no reports of this vulnerability being exploited in the wild.We take your security very seriously, in fact, this is the first knownvulnerability reported in Lotus 1-2-3 R3 since it's release in September1990.# CreditThis issue was reported to the 123elf project by dbastone.# SolutionA new release has been prepared to resolve this issue, we recommendaffected users upgrade immediately.https://github.com/taviso/123elf/Lotus 1-2-3 releases for other platforms are affected, but are notactively maintained. MS-DOS, OS/2, OpenVMS, z/OS and SysV/386 users areadvised to migrate to Linux to continue receiving updates.-- _o) $ lynx lock.cmpxchg8b.com /\\ _o) _o) $ finger [email protected]_\_V _( ) _( ) @taviso