A researcher has discovered a critical vulnerability in IBM Lotus Notes, which could be exploited by attackers remotely to cause a buffer overflow and gain access to a victim's machine.
The flaw is in the way the Lotus 1-2-3 email client processes a .123 file with its file viewer. An attacker can exploit the flaw to crash the application or trick a user into double-clicking and viewing a specially crafted attachment, according to an advisory issued Tuesday by the French Security Incident Response Team (FrSIRT).
Lotus Notes version 7.x is affected, and possibly versions 8.x and 6.5.6, as well as other software packages using the Verity KeyView SDK.
FrSIRT rated the vulnerability "critical" since it could be exploited both remotely and locally. Danish vulnerability clearinghouse Secunia labeled the threat "highly critical" in its Secunia SA27836 advisory.
Sebastián Muñiz, a research engineer and exploit writer with Core Security, is credited with discovering the flaw. In an advisory issued by Core, Muñiz said successful exploitation requires end-user interaction, but it could be easy to trick an end user with a simple .jpg or .gif file.
"Although these specific vulnerabilities exist on a third-party component, the problem is compounded by the way Lotus Notes displays information about attachments, making it easier to elicit unsuspecting assistance from the users to exploit them," he said.
IBM has issued a patch for the flaw. Core said Lotus users have several workarounds to prevent end users from viewing the files. For example, deleting the keyview.ini file from the Notes program directory disables all viewers.