IBM Lotus Notes Vulnerabilities

Today a vulnerability was disclosed that effects IBM Lotus Notes. The issue effects versions 5.x, 6.x, 7.x and 8.x. Specifically, the issue lies within the Lotus Notes viewer, a specially crafted Lotus Notes viewer file (.123 extension) could cause a buffer overflow within the viewer and lead to the execution of arbitrary code.

If you have Lotus Notes 7.x or 8.x, IBM has an update. If you are using version 6.x, or 5.x, there is currently no update. IBM is currently working on an update for 6.x, but will not release one for 5.x. However, a workaround for these versions is to disable the viewer. If the viewer is disabled, then the files will not be opened within Lotus Notes viewer.

Leave a Reply