
IBM patches Lotus flaw

Among the vulnerabilities discovered: an attacker could execute code when users open files in the Notes attachment viewer.

Dawn Kawamoto Former Staff writer, CNET News
IBM has issued patches for six "highly critical" security flaws in its Lotus Notes client. The flaws could allow a remote attacker to execute arbitrary code on a user's machine when the user opens a malicious file through the Notes attachment viewer.

The vulnerabilities affect Lotus Notes 6.5.4 and 7.0 and earlier versions, according to an advisory released Friday by security firm Secunia, which discovered the flaws.

"This is a big problem because a very large number of corporations use Lotus Notes," said Thomas Kristensen, Secunia's chief technology officer. "When users receive an e-mail with an attachment, all they have to do is click on the attachment to read it, and their systems are vulnerable to a remote attack."

IBM shipped the fixes in Lotus Notes 7.0.1, released this week, and in 6.5.5, released in December.

"Secunia contacted IBM Lotus to report five buffer overflow vulnerabilities and one directory traversal vulnerability in the KeyView viewers used in Lotus Notes," IBM said in its security advisory. "To successfully exploit these issues, an attacker would need to send a specially crafted file attachment to users, and the users would have to double-click and 'view' the attachment."

One of the flaws, for example, lies in the check for the existence of a compressed file inside a ZIP archive. When a user extracts an entry with an overly long file name from within the Notes attachment viewer, the viewer overflows a buffer, which can lead to remote code execution, according to Secunia.

Users may also find their systems compromised when they use the Notes attachment viewer to open an encoded file with an overly long file name. A malicious encoded file could trigger a buffer overflow and remote code execution, Kristensen said.
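The ZIP and encoded-file flaws described above share one shape: a container format carries a name whose length the viewer takes from the file itself and copies into a fixed-size buffer without checking it. The C program below is added here as an illustration of that bug class and its fix; it is not code from Lotus Notes, KeyView or Secunia. It parses a ZIP local file header two ways, the unchecked way and a bounds-checked way, against constructed sample headers. The 64-byte name buffer, the function names and the sample archives are assumptions for the example, not details of the actual Notes vulnerability.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout of a ZIP local file header (PKZIP APPNOTE 4.3.7), little-endian.
 * Offset 26 holds the 16-bit file name length; the name follows the 30-byte
 * fixed part. */
#define ZIP_LOCAL_SIG      0x04034b50u
#define ZIP_LOCAL_HDR_LEN  30
#define NAME_BUF           64   /* hypothetical fixed-size name buffer in a viewer */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Vulnerable pattern: the name length comes straight from the archive and is
 * used as the copy size into a fixed 64-byte buffer.  A 300-byte name writes
 * 236 bytes past the end of 'out', plus the terminator.  Shown to illustrate
 * the bug class; it is deliberately never called on the overlong sample below. */
void copy_name_unchecked(const uint8_t *hdr, char out[NAME_BUF]) {
    uint16_t n = rd16(hdr + 26);
    memcpy(out, hdr + ZIP_LOCAL_HDR_LEN, n);   /* no check that n < NAME_BUF */
    out[n] = '\0';
}

typedef enum { ZIP_OK = 0, ZIP_BAD_SIG, ZIP_TRUNCATED, ZIP_NAME_TOO_LONG } zip_status;

/* Hardened version: every length read from the file is checked against both
 * the bytes we actually hold (buf_len) and the storage we copy into (out_len). */
zip_status read_entry_name(const uint8_t *buf, size_t buf_len,
                           char *out, size_t out_len) {
    if (buf_len < ZIP_LOCAL_HDR_LEN) return ZIP_TRUNCATED;
    if (rd32(buf) != ZIP_LOCAL_SIG) return ZIP_BAD_SIG;
    size_t n = rd16(buf + 26);
    if (n > buf_len - ZIP_LOCAL_HDR_LEN) return ZIP_TRUNCATED;  /* name runs off the data */
    if (n >= out_len) return ZIP_NAME_TOO_LONG;                 /* keep room for the NUL */
    memcpy(out, buf + ZIP_LOCAL_HDR_LEN, n);
    out[n] = '\0';
    return ZIP_OK;
}

/* Builds a minimal local header followed by the name (constructed test data,
 * not a real archive: CRC, sizes and timestamps are left zero). */
size_t build_local_header(uint8_t *dst, size_t dst_len, const char *name, uint16_t name_len) {
    size_t total = ZIP_LOCAL_HDR_LEN + name_len;
    if (dst_len < total) return 0;
    memset(dst, 0, ZIP_LOCAL_HDR_LEN);
    wr32(dst, ZIP_LOCAL_SIG);
    wr16(dst + 4, 20);             /* version needed to extract: 2.0 */
    wr16(dst + 26, name_len);      /* file name length */
    wr16(dst + 28, 0);             /* extra field length */
    memcpy(dst + ZIP_LOCAL_HDR_LEN, name, name_len);
    return total;
}

/* Constructed sample 1: an ordinary entry name. */
zip_status demo_benign(void) {
    uint8_t archive[128];
    char name[NAME_BUF];
    size_t len = build_local_header(archive, sizeof archive, "readme.txt", 10);
    return read_entry_name(archive, len, name, sizeof name);
}

/* Constructed sample 2: a 300-byte name, the shape of input that overflows the
 * unchecked copy above. */
zip_status demo_overlong(void) {
    static uint8_t archive[ZIP_LOCAL_HDR_LEN + 300];
    char long_name[300];
    char name[NAME_BUF];
    memset(long_name, 'A', sizeof long_name);
    size_t len = build_local_header(archive, sizeof archive, long_name, 300);
    return read_entry_name(archive, len, name, sizeof name);
}

/* Constructed sample 3: the header claims a 300-byte name but the data ends
 * after 8 more bytes, so an unchecked copy would read past the file. */
zip_status demo_truncated(void) {
    uint8_t archive[ZIP_LOCAL_HDR_LEN + 8] = {0};
    char name[NAME_BUF];
    wr32(archive, ZIP_LOCAL_SIG);
    wr16(archive + 26, 300);
    return read_entry_name(archive, sizeof archive, name, sizeof name);
}

int main(void) {
    printf("benign:    %d (expect %d)\n", demo_benign(), ZIP_OK);
    printf("overlong:  %d (expect %d)\n", demo_overlong(), ZIP_NAME_TOO_LONG);
    printf("truncated: %d (expect %d)\n", demo_truncated(), ZIP_TRUNCATED);
    return 0;
}
```

Build with `cc -Wall -o zipname zipname.c && ./zipname`. The checked parser rejects the overlong name and the truncated header before any byte is copied; the point is that a length field inside an attacker-supplied attachment is input, not metadata, and must be bounded by both the data actually read and the destination buffer.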

The Lotus attachment viewer, a built-in function of the software, lets users view a wide range of file formats without having the corresponding application installed on their system. That convenience also means each of those format parsers is reachable from any e-mail attachment a user chooses to view.

Other vulnerabilities found in Lotus Notes include a boundary error in the HTML speed reader. When a user views a malicious HTML document, an attacker could exploit the flaw to take over the user's system.