
Series of Lotus Notes flaws discovered

Users of IBM's Lotus Notes program have been warned to work around numerous buffer overflow flaws recently discovered by Secunia.

IBM said on its website that the malware monitoring firm notified the company of five overflow vulnerabilities. Malicious users would need a specially made attachment to execute arbitrary code, the company said.

"To successfully exploit these issues, an attacker would need to send a specially crafted file attachment to users, and the users would have to double click and 'view' the attachment," IBM said.

IBM advised users to disable the four files affected by the buffer overflow vulnerabilities.

"In general, users are strongly urged to use caution when opening or viewing unsolicited file attachments," IBM said. "To work around these issues in previous releases of Notes, the affected file viewers can be disabled. The buffer overflow vulnerabilities affect the following files: kvarce.dll, uudrdr.dll, tarrdr.dll and htmsr.dll. The directory traversal vulnerability affects the kvarce.dll file."

The U.S. Computer Emergency Readiness Team also warned users about the flaw, and said users should take note of IBM's workaround.

"By convincing a user to view a specially crafted ZIP file, a remote attacker may be able to execute arbitrary code on a vulnerable system," the agency warned.
