A Lotus Technical Blog by the MartinScott Team

Two Notes Client Security Vulnerabilities You Need to Know About!

Franziska Tanner  September 10 2009 11:30:51 AM
1. Potential security issue with Lotus Notes file viewer for Microsoft Excel

Per this technote, a vulnerability was recently found, allowing for malicious code to be run in the IBM Lotus Notes client, if a particular Microsoft Excel Spreadsheet is viewed (not launched or edited) by the user. Both iDefense and Symantec have released advisories on this issue, which can be found here and here. http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=823 Link to related Symantec advisory http://www.symantec.com/business/security_response/securityupdates/list.jsp?fid=security_advisory

For IBM Lotus Notes client versions 7 or 8, this issue can be resolved by calling IBM or opening a support call here and requesting the fix. There are also manual steps outlines in the technote and there is no fix for previous versions of Notes

2. IBM Lotus Notes 8.5 RSS Widget Privilege Escalation

If you're using the new (to client version 8 and above) RSS feed reader, it is possible for a maliciously created RSS site to exploit this vulnerability in IBM Lotus Notes 8.x standard clients. The type of situation where this is a threat are quite particular on this issue, so be sure to read the technote here for more information.

No Comments Found