Using IBM Lotus Notes Could be Damaging

Date: August 26, 2009

If you follow IBM's software products, you may remember the recent run of vulnerabilities exploited by malicious users. Only a week ago, two issues were found in IBM DB2, and not long after that another IBM product, IBM Tivoli Identity Manager, was found to be vulnerable.

This time the IBM product that attackers are out to exploit is IBM Lotus Notes, which I would guess a large share of IBM customers use. For readers who do not use it but want to understand the vulnerability, here is what Lotus Notes is and how it works.

Lotus Notes is a client-server collaborative application. The Notes client is a multi-purpose client used for sending and receiving e-mail, calendaring, personal information management (PIM), instant messaging, web browsing, and a range of feature-rich custom applications. It can access both local (on the hard drive) and server-based applications and data. Executables associated with the Notes client include: f10494_ntmulti.exe, nsl.ex, f7076_nlnotes.exe, f4700_nnotesmm.exe and f7387_ntaskldr.exe.

The newly disclosed buffer overflow in the KeyView file-viewer component of Lotus Notes can be exploited by an attacker to compromise a user's computer and execute arbitrary code. The vulnerability was announced and confirmed in the Lotus Notes versions listed below:

Affected Products
IBM Lotus Notes 8.5.x
IBM Lotus Notes 8.0.x
IBM Lotus Notes 7.x
IBM Lotus Notes 6.x
IBM Lotus Notes 5.x

Table 1.  Affected software

The weakness is a buffer overflow in the File Viewer for Excel (xlssr.dll) when it handles a malformed XLS document. It can be exploited to crash the Notes client or to execute arbitrary code with the privileges of the logged-on user. The attack requires user interaction: the victim must be persuaded to double-click a crafted attachment and choose "View", which hands the file to the vulnerable viewer rather than to Excel.
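As an added illustration of the bug class described above (this is example code, not IBM's and not the internals of xlssr.dll, which the page does not show), the following C model parses a minimal record-oriented spreadsheet layout: a two-byte record type, a two-byte payload length, then the payload, the same header shape the BIFF format inside XLS files uses. The unchecked copy trusts the in-file length when copying a sheet name into a fixed 32-byte stack buffer; the hardened copy rejects any record whose name does not fit, and the record reader also rejects records that claim more bytes than the file actually contains. The record type value, the name limit, and both sample documents are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Record layout (constructed, BIFF-like): 2-byte type, 2-byte payload length,
 * payload; both fields little-endian. */
#define REC_SHEETNAME 0x0085   /* assumed record id for a sheet-name record */
#define NAME_MAX      32       /* assumed fixed buffer size in the viewer   */
#define DOC_MAX       1024

typedef struct {
    uint16_t type;
    uint16_t len;
    const uint8_t *data;
} rec_t;

/* Read the record at *off and advance past it. Returns 1 on success, 0 if the
 * header or the declared payload runs past the end of the buffer (truncated
 * file, or a length field that lies about how much data follows). */
static int rec_next(const uint8_t *doc, size_t doclen, size_t *off, rec_t *r)
{
    if (*off > doclen || doclen - *off < 4) return 0;
    r->type = (uint16_t)(doc[*off] | (doc[*off + 1] << 8));
    r->len  = (uint16_t)(doc[*off + 2] | (doc[*off + 3] << 8));
    if (doclen - *off - 4 < r->len) return 0;
    r->data = doc + *off + 4;
    *off += 4 + (size_t)r->len;
    return 1;
}

/* VULNERABLE: trusts the in-file length when copying into a fixed buffer.
 * r->len can be anything up to 65535, so a crafted record overwrites the
 * caller's stack frame. */
static void copy_name_unchecked(const rec_t *r, char out[NAME_MAX])
{
    memcpy(out, r->data, r->len);
    out[r->len] = '\0';
}

/* HARDENED: refuse any name that does not fit, including its terminator. */
static int copy_name_checked(const rec_t *r, char out[NAME_MAX])
{
    if (r->len >= NAME_MAX) return -1;
    memcpy(out, r->data, r->len);
    out[r->len] = '\0';
    return 0;
}

/* Walk the document and collect sheet names. Returns the number of names
 * stored, or -1 if the hardened copy rejected an oversized record. */
static int extract_sheet_names(const uint8_t *doc, size_t doclen, int hardened,
                               char names[][NAME_MAX], int max_names)
{
    size_t off = 0;
    int n = 0;
    rec_t r;
    while (n < max_names && rec_next(doc, doclen, &off, &r)) {
        if (r.type != REC_SHEETNAME) continue;
        if (hardened) {
            if (copy_name_checked(&r, names[n]) != 0) return -1;
        } else {
            copy_name_unchecked(&r, names[n]);
        }
        n++;
    }
    return n;
}

/* Build a one-record document whose name field claims `len` bytes, filled
 * with `fill`. Constructed test input, not a real spreadsheet. Returns the
 * number of bytes written, or 0 if it does not fit in `cap`. */
static size_t build_doc(uint8_t *out, size_t cap, uint16_t len, char fill)
{
    if ((size_t)len + 4 > cap) return 0;
    out[0] = (uint8_t)(REC_SHEETNAME & 0xff); out[1] = (uint8_t)(REC_SHEETNAME >> 8);
    out[2] = (uint8_t)(len & 0xff);           out[3] = (uint8_t)(len >> 8);
    memset(out + 4, fill, len);
    return 4 + (size_t)len;
}

int main(void)
{
    uint8_t doc[DOC_MAX];
    char names[4][NAME_MAX];
    size_t n;

    n = build_doc(doc, sizeof doc, 6, 'S');   /* benign: 6-byte name */
    printf("benign, unchecked: %d name(s)\n", extract_sheet_names(doc, n, 0, names, 4));
    printf("benign, checked:   %d name(s)\n", extract_sheet_names(doc, n, 1, names, 4));

    n = build_doc(doc, sizeof doc, 200, 'A'); /* crafted: 200-byte name */
    printf("crafted, checked:  %d (rejected)\n", extract_sheet_names(doc, n, 1, names, 4));
    /* extract_sheet_names(doc, n, 0, names, 4) here would write 200 bytes into
     * a 32-byte stack buffer: the crash-or-code-execution case. */
    return 0;
}
```

The check that matters is the comparison against NAME_MAX before the copy; the length check in rec_next is the second half of the same discipline, since a viewer that trusts a length field can be made to read past the end of the file just as easily as to write past the end of a buffer.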


  Image 1.  IBM Lotus Notes application

Last, and most important, is the remedy. A patch is available now, and the fix is also scheduled for inclusion in the next major release of Lotus Notes. Note that the issue affects Windows-based Notes clients only; it does not affect Lotus Domino servers. Until the patch is applied, users should be cautious about opening or viewing attachments from unknown senders, and administrators should keep up with the latest vulnerability bulletins.



  • Richard says:

    A very sensational title. IBM have released a patch for this issue, so what's the problem? Why not compare the security of Lotus Notes to Microsoft Exchange? Exchange is wide open to all kinds of nasty exploits. Notes has a very granular and rock-solid security model.

  • Simon O'Doherty says:

    Somewhat sensationalistic title.

    The tech note you link to at the very end of the article tells you how to disable the exploit. Might be better to have said that first.
