Rare bug blights Lotus Notes
Print1-2-3 hack risk
Posted in Enterprise Security, 28th November 2007 10:39 GMT
Free whitepaper – Avoiding 7 common mistakes of IT security compliance
Security researchers have discovered a rare, and potentially serious, security bug in Lotus Notes. A buffer overflow flaw in IBM's groupware package enables hackers to trick users into running hostile code on vulnerable systems.
The security bug stems from boundary errors within the Lotus 1-2-3 file viewer (l123sr.dll) component. Successful exploitation of the bug involves tricking users into viewing maliciously crafted Lotus 1-2-3 attachments, designed to allow the execution of arbitrary code on vulnerable systems.
The flaws, discovered by security researchers with Core Security, affect versions 7.x and 8.x of Lotus Notes. Other versions may also be affected.
Sys admins are advised to contact IBM support for patches, as explained here. ®
Free whitepaper – Vulnerability management buyer's checklist
Analyst Keynote: The Register Agile Data Center Summit
What Exchange can't do - and Dell can
Enabling The Agile Data Center
Analyst Keynote: The Register Agile Data Center Summit
Breaching Fort Apache.org - What went wrong?
Snow Leopard security - The good, the bad and the missing
US Dems fill inboxes with 419 scams
BlockMaster SafeStick hardware-encrypted USB drive