If you are a current user of the various IBM software programs, you might remember the recent occurrences of vulnerabilities exploited by malicious people. A short while ago, actually only a week ago, double trouble was found in IBM DB2. Not long after that another IBM software program, IBM Tivoli Identity Manager was found vulnerable.
This time the IBM software program that vicious users are out to exploit is IBM Lotus Notes. I can guess that a large number of IBM software users are using IBM Lotus Notes. To those users who don't use this particular software program but are interested in it and the vulnerability associated with the program, I will tell you what IBM Lotus Notes is and how it operates.
Lotus Notes is a client-server, collaborative application. The Notes client is a multi-purpose client that can be used for sending and getting emails, calendaring, PIM, instant messaging, web browsing, and a range of feature rich custom applications. The client can be used to access both local (on a hard drive) or server based applications and data. Some files associated with IBM Lotus Notes include: f10494_ntmulti.exe, nsl.ex, f7076_nlnotes.exe, f4700_nnotesmm.exe and f7387_ntaskldr.exe.
The discovered keyview buffer overflow vulnerability in Lotus Notes could be exploited by attackers with a sinister aim to compromise a sensitive user's computer system and execute arbitrary code. The vulnerability was announced and confirmed in the IBM Lotus Notes versions listed below:
|IBM Lotus Notes versions 8.5.x|
|IBM Lotus Notes versions 8.0x|
|IBM Lotus Notes versions 7.x|
|IBM Lotus Notes versions 6.x|
|IBM Lotus Notes versions 5.x|
Table 1. Affected software
This weakness is generated by a buffer overflow error in the File Viewer for Excel (xlssr.dll) while handling a malicious XLS document, which could be exploited by attackers to crash a vulnerable application or execute arbitrary code. Attackers could damage a computer system in this way if a user is persuaded to double-click a manipulated attachment and select "View".
Image 1. IBM Loutus Notes application
The last but undoubtedly most important and gratifying fact relates to a solution for this vulnerability. At present, a patch is available. In addition, a fix is intended to be included in the next major release of Lotus Notes. IBM users should note that this security issue was found to affect Windows-based Notes clients. Conversely, it does not influence Lotus Domino servers. Users are highly encouraged to practice caution while opening or viewing unknown file attachments. Users should also remember to follow the latest vulnerability bulletins.