Although these specific vulnerabilities exist on a third–party component the problem is compound by the way Lotus Notes displays information about attachments, making it easier to elicit unsuspecting assistance from the users to exploit them. Lotus Notes displays the file type and corresponding icon based on the attached file’s extension rather than the MIME Content-Type header in the email whereas the view functionality is handled by the Verity KeyView component which processes the attachment based on the file contents. Exploitation of these vulnerabilities requires end-user interaction but the discrepancy described above could allow an attacker to send a malicious Lotus 1-2-3 file as an attachment with a seemingly innocuous extension (for example, .JPG or .GIF) that more easily lure users into viewing it thus making it easier to succeed in the exploitation attempt.
The vulnerabilities are caused due to boundary errors within the Lotus 1-2-3 file viewer (l123sr.dll) and can be exploited to cause buffer overflows by tricking a user into viewing a specially crafted Lotus 1-2-3 attachment with e.g. a specially crafted type SRANGE record, Secunia warned.