Errors in some third party file attachment viewers connected to IBM Lotus Notes can be exploited by an attacker...
to bypass some security programs and gain access to sensitive information.
IBM issued a technote advisory, warning users of the problems and advising users of workarounds and updates. Version 7.0.3 or 8.0 of Lotus Notes repairs some of the flaws.
"To successfully exploit these vulnerabilities, an attacker would need to send a specially crafted file attachment to users, and the users would then have to double-click and view the attachment," IBM said.
Danish vulnerability clearinghouse Secunia labeled the threat "highly critical" in its Secunia SA27279 advisory. Secunia said the holes could be remotely "exploited by malicious, local users to gain knowledge of potentially sensitive information and by malicious people to bypass certain security mechanisms or compromise a user's system."
In addition, a boundary error when parsing HTML messages in nnotes.dll can be exploited to cause a buffer overflow when a user replies, forwards or copies a malicious HTML message, Secunia said.
Security researcher Tan Chew Keong is credited with discovering some of the vulnerabilities. Keong said in a posting at insecure.org that multiple exploitable buffer overflow vulnerabilities were found within a file attachment viewer in Lotus Notes.
"The vulnerabilities can be exploited to execute arbitrary code by tricking the user to view a malicious DOC, SAM, WPD, or MIF file attachment using the file attachment viewer in Lotus Notes," Keong said.
Also credited with the discovery were ZDI, VeriSign iDefense Labs, Ed Schaller, Ollie Whitehouse of Symantec, Dan Ritter and the VCC.