Lotus Notes - Security Vulnerability - Oct. 26, 2007

A Lotus Notes security flaw has been discovered. The flaw is in the Lotus Notes File Attachments Viewer. The flaw can be exploited if a user opens an e-mail attachment with malicious code.

Infected e-mail attachments with the following extensions can trigger the vulnerability if opened with the Notes File Attachments Viewer:

  • Wordperfect (.wpd)
  • Ami Pro (.sam)
  • Adobe Acrobat FrameMaker Interchange (.mif)
  • Microsoft Word (.doc)
  • Applix Words (.aw)
  • Applix Presents (.ag)
  • Dynamic Link Library (.dll)
  • Microsoft Rich Text Format (.rtf)
  • Portable Executable (.exe)

Recommendations:

We recommend considering the following actions:

  • Do not open e-mail attachments from anyone you don't know.
  • Keep your virus definitions up to date.
  • Upgrade to the latest version of Lotus Notes, release 7.0.3, which is not affected by this vulnerability. Lotus Notes 7.0.3 will be available on Softweb as of 10 a.m. on Tuesday, Oct. 30, 2007. Contact Client Support (x 2-9800) or the Help Desk (x 4-HELP) for upgrade instructions.
  • If upgrading is not possible at this time, consider not using the Lotus Notes Attachments Viewer feature. You may download or save the attachment, scan it with Symantec AntiVirus, and then open it with the appropriate software.
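
For clients that cannot be upgraded yet, an administrator can flag incoming messages that carry attachments of the file types listed above so they are saved and scanned rather than opened in the viewer. The following is an added example, not part of the original advisory or any IBM tooling; the function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions this advisory lists as affected in the Notes File Attachments Viewer.
AFFECTED_EXTENSIONS = {
    ".wpd", ".sam", ".mif", ".doc", ".aw", ".ag", ".dll", ".rtf", ".exe",
}

def affected_attachments(raw_message: bytes) -> list[str]:
    """Return the attachment filenames whose extension is on the advisory list."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also visits nested multipart containers
        name = part.get_filename()
        if not name:
            continue  # body parts and containers carry no filename
        # Windows drops trailing dots and spaces when a file is saved,
        # so "memo.wpd." ends up on disk as "memo.wpd".
        cleaned = name.strip().rstrip(". ")
        # Only the final suffix counts: "invoice.pdf.exe" is an .exe.
        ext = PurePosixPath(cleaned).suffix.lower()
        if ext in AFFECTED_EXTENSIONS:
            hits.append(name)
    return hits

def build_sample() -> bytes:
    """Constructed sample message with four attachments (not real mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Constructed sample"
    m.set_content("See attached.")
    for fname in ("Report.DOC", "notes.txt", "invoice.pdf.exe", "memo.wpd."):
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for fname in affected_attachments(build_sample()):
        print("save and scan before opening:", fname)
```

The check matches on filename only and does not inspect file content, so it identifies candidates for the save-and-scan step rather than confirming that a file is malicious.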

More From the IBM Web Site:

Buffer overflow vulnerability in Lotus Notes file viewers (multiple file formats)

Buffer overflow vulnerability in Lotus Notes file viewers (.wpd, .sam, .doc, and .mif)