Saturday, May 28, 2011

Vulnerabilities Affecting IBM Lotus Notes

There have been found buffer overflow vulnerabilities in IBM Lotus Notes for Windows. The vulnerabilities could allow an attacker to execute arbitrary code in target system. To exploit the vulnerabilities user can be lured to open specially crafted file attachment.

Affected software:
IBM Lotus Notes 8.5.2
IBM Lotus Notes 8.5.1
IBM Lotus Notes 8.0.x
IBM Lotus Notes 7.x
IBM Lotus Notes 6.x
IBM Lotus Notes 5.x

At the moment there's a patch available for version 8.5.2 only. Users of other affected versions are advised to turn vulnerable feature off until the fix is available. More information about workarounds here.

No comments: