Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Core Security Discovers Vulnerability in Lotus Notes
Users vulnerable to attack when viewing corrupt Lotus 1-2-3 file attachments
1 Min Read
BOSTON -- Core Security Technologies, provider of CORE IMPACT, the most comprehensive product for performing enterprise security assurance testing, today issued an advisory disclosing several vulnerabilities that could severely impact the thousands of organizations using IBM Lotus Notes. The buffer overflow vulnerabilities affect the groupware application and the ability to elicit users to open corrupt email attachments.
The email functionality of Lotus Notes supports previewing and processing file attachments in various formats. A researcher from CoreLabs, the research arm of Core Security, discovered that by exploiting vulnerabilities in the Lotus WorkSheet file processor, an attacker could leverage a specially crafted Lotus 1-2-3 email attachment to remotely execute arbitrary commands and compromise vulnerable systems when users “view” the attachment.
“This is a severe threat to organizations that use Lotus Notes for corporate email communications,” said Ivan Arce, CTO at Core Security Technologies. “The discovery of this vulnerability in the Lotus Notes client underlines, once again, that securing endpoint systems and the applications that run on them is critical and that no vendor is immune to the perils of client application security. Vulnerable organizations should be prepared to quickly deploy the appropriate fixes and workarounds and users of the Lotus Notes client should use caution when presented with unknown file attachments, especially those from unfamiliar senders.”
About the Author
You May Also Like
More Insights
