Lotus Notes Multiple Keyview Parsing Vulnerabilities

Vulnerabilities in various third-party file-viewing applications can leave systems using Lotus Notes open to compromise. In specific situations, specially crafted files can allow the execution of arbitrary code. Lotus Notes versions 7.0.3 and 8.0 are known to be vulnerable; other versions may also have issues. The file types that can be used to leverage this vulnerability are:
 Applix Presents (.ag)
 Folio Flat File (.fff)
 HTML speed reader (.htm)
 KeyView document viewing engine
 Text mail (MIME)

These issues were originally discovered by the Secunia Research team. More information can be found at: http://secunia.com/advisories/28210

IBM’s response, including remediation suggestions, is available at: http://www.ibm.com/support/docview.wss?rs=463&uid=swg21298453
