Researchers at CoreLabs have issued a warning for several serious IBM Lotus Notes vulnerabilities that could cause remote execution of arbitrary commands .
The flaws, rated "highly critical" by Secunia, could allow hackers to attach a specially crafted file that triggers remote exploitation when unsuspecting users attempt to "View" the attachment.
The vulnerabilities reportedly affect IBM Lotus Notes versions 7.0 and 8.0.
From the CoreLabs advisory:
Although these specific vulnerabilities exist on a third–party component the problem is compound by the way Lotus Notes displays information about attachments, making it easier to elicit unsuspecting assistance from the users to exploit them. Lotus Notes displays the file type and corresponding icon based on the attached file’s extension rather than the MIME Content-Type header in the email whereas the view functionality is handled by the Verity KeyView component which processes the attachment based on the file contents. Exploitation of these vulnerabilities requires end-user interaction but the discrepancy described above could allow an attacker to send a malicious Lotus 1-2-3 file as an attachment with a seemingly innocuous extension (for example, .JPG or .GIF) that more easily lure users into viewing it thus making it easier to succeed in the exploitation attempt.
The vulnerabilities are caused due to boundary errors within the Lotus 1-2-3 file viewer (l123sr.dll) and can be exploited to cause buffer overflows by tricking a user into viewing a specially crafted Lotus 1-2-3 attachment with e.g. a specially crafted type SRANGE record, Secunia warned.
IBM has posted a note acknowledging the issue and urged customers to contact IBM Support to obtain the patch for the Notes client.
The company also recommended that users disable the affected file viewer by following one of the options in the "How to disable viewers within Lotus Notes" section of its advisory.