Java applets run wild inside Notes
'Full compromise' possible
Full Disclosure describes the effects as potentially nasty, saying "This can be used to load arbitrary Java applets from remote sources (making it an information disclosure as well as it can be used to trigger an HTTP request once the mail is previewed/opened)"
"Combined with known Java sandbox escape vulnerabilities, it can be used to fully compromise the user reading the email," the site adds.
It's not sure just what “fully compromise” means in this context, but it is not hard to imagine the consequences of a successful attack could be unpleasant, given the Notes client links to Notes apps that in turn link to databases full of a business' important information.
Things could be worse if an applet is able to emerge from Notes into a PC's Java virtual machine, a scenario Richmond hopes won't come about because email gateways' settings should be maximally hostile to .JAR files. Of course one would also imagine an email client would be maximally hostile to HTML emails calling .JAR files.
The problem affects Notes 8.5.3 and the new Notes 9. IBM promises fixes real soon now. ®