Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: InfoSec Handlers Diary Blog - Notes file viewer vulnerabilities InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Notes file viewer vulnerabilities

Published: 2008-04-08
Last Updated: 2008-04-08 20:49:33 UTC
by Swa Frantzen (Version: 1)
0 comment(s)

IBM released a technote titled: "Potential security vulnerabilities in Lotus Notes file viewers for Applix Presents, Folio Flat File, HTML speed reader, KeyView and MIME".

The vulnerabilites center around attached files of many types:

  • Text mail (MIME)
  • HTML speed reader (.htm)
  • Applix Presents (.ag)
  • Folio Flat File (.fff)
  • KeyView document viewing engine

Workarounds and on demand patches are available. Secunia (who reported the vulnerability to IBM) has an advisory on the same subject as well.

--
Swa Frantzen -- Gorilla Security

0 comment(s)
Diary Archives