Java and JavaScript holes found in IBM Notes

Summary:IBM Notes automatically allows the execution of Java applets and JavaScript contained in emails, leading to potential security issues, the company has confirmed.

Versions of the IBM Notes email and workgroup software package contains a security vulnerability that could allow an attacker to gain control of a victim's computer or install software without them noticing.

The problem affects versions 8.0.x, 8.5.x, and 9.0 of Notes, IBM confirmed on its security bulletin pages.

Notes , formerly Lotus Notes, unlike many other email systems allows Java applets and JavaScript tags inside emails which leaves it susceptible to the possibility that if someone opens an email containing malicious code it will automatically run.

IBM classified the problem with a CVSS score of 4.3 out of 10, meaning that it thinks it is critical.

Read this

How to disable Java in your browser on Windows, Mac

Amid a serious security flaw in the latest version of Java 7, where even the U.S. Department of Homeland Security has warned users to disable the plug-in, here's how you do it.

It has issued interim fixes — Interim Fix 1 for Notes 8.5.3 Fix Pack 4 and Interim Fix 1 for Notes 9.0 — for the Windows versions of its software while it works on a permanent solution.

The interim measures negate the threat by disabling the ability to automatically run Java applets and JavaScript in emails, which will also stop custom apps that rely on Java applets or JavaScript from working.

IBM said a fix for Mac machines is also forthcoming.

Linux users are advised to "monitor fix availability in 8.5.3 Fix Pack 5 and 9.0.1" or to inquire about the possibility of obtaining a fix sooner by raising a support request ticket.

IBM also detailed a workaround for users that would rather not wait for a fix to be issued.

Topics: Security, Enterprise Software, IBM

About

With a psychology degree under his belt, Ben set off on a four-year sojourn as a professional online poker player, but as the draw of the gambling life began to wane his attentions turned to more wholesome employment.With several years' experience covering everything in the world of telecoms and mobility, Ben's your man if it involves a s... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.